问题描述
我需要一个用于在 Stunnel 的 CApath 目录中发布的文件的哈希名称.我在这个目录中有一些证书,它们运行良好.另外,我有一个服务器插入和服务器密钥:
I need a hash-name for file for posting in Stunnel's CApath directory. I have got some certs in this directory and they are working well. Also, I have a server sert and server key:
cert = c:Program Files (x86)stunnelserver_cert.pem
key = c:Program> Files (x86)stunnelprivateserver_key.pem
当我尝试计算新证书的哈希值时,出现错误:
When I try to calculate a hash of my new cert, I get an error:
/etc/pki/tls/misc/c_hash cert.pem
unable to load certificate 140603809879880:error:0906D06C:PEM
routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
据我所知,我必须签署我的证书,但我不明白我该怎么做.请提供解决方案.
As I understand I must sign my cert, but I don't understand how I can do that.Please, provide the solution.
附:
消息
unable to load certificate 140603809879880:error:0906D06C:PEM
routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE:
当我为 cert.pem 制作 c_hash 时发布的这不是 server_cert.pem,这是 Root_CA,它的内容类似于
posted when I made c_hash for cert.pem This is not server_cert.pem, this is Root_CA and it is content something like
-----BEGIN CERTIFICATE-----
...6UXBNSDVg5rSx60=..
-----END CERTIFICATE-----
当我写
openssl x509 -noout -text -in cert.pem
在控制台面板中,我看到以下信息:
In console panel I see this info:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=BE, ST=BB, L=BB, O=BANKSYS NV, OU=SCY, CN=TEST Root CA
Validity
Not Before: May 31 08:06:40 2005 GMT
Not After : May 31 08:06:40 2020 GMT
Subject: C=BE, ST=BB, L=BB, O=BB NV, OU=SCY, CN=TEST Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:82:c8:58:1e:e5:7a:b2:63:a6:15:bd:f9:bb:1f:
............
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
76:70:AB:92:9B:B1:26:CE:9E:93:D8:77:4F:78:0D:B8:D4:6C:DA:C6
Signature Algorithm: sha1WithRSAEncryption
2c:7e:bd:3f:da:48:a4:df:8d:7c:96:58:f7:87:bd:e7:16:24:
...............
推荐答案
由于您使用的是 Windows,请确保您在 Windows 中的证书兼容",最重要的是每行末尾没有
^M
如果你打开它会是这样的:
If you open it it will look like this:
-----BEGIN CERTIFICATE-----^M
MIIDITCCAoqgAwIBAgIQL9+89q6RUm0PmqPfQDQ+mjANBgkqhkiG9w0BAQUFADBM^M
要解决this"问题,请使用 Write
或 Notepad++ 打开它并将其转换为 Windows样式"
To solve "this" open it with Write
or Notepad++ and have it convert it to Windows "style"
尝试运行 openssl x509 -text -inform DER -in server_cert.pem
并查看输出是什么,私钥/秘密密钥不太可能不受信任,仅信任如果您从密钥库导出密钥,则需要,是吗?
Try to run openssl x509 -text -inform DER -in server_cert.pem
and see what the output is, it is unlikely that a private/secret key would be untrusted, trust only is needed if you exported the key from a keystore, did you?
这篇关于OpenSSL:PEM 例程:PEM_read_bio:无起始行:pem_lib.c:703:预期:可信证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!