问题描述
我目前正在一个小型网站上工作.为了使它看起来更加合法和专业,我想在浏览栏中拥有一个绿锁,上面带有我的名字(EV SSL证书).为普通和EV SSL证书创建了2个.pem文件.问题是:我不知道如何继续.我在包括StackOverflow在内的多个论坛上搜索了50个主题,但没有发现真正有用的东西.有人说过有关修改openssl配置,但是我真的不知道线程创建者是如何获得这些标志的,所以我什至没有尝试过,因为它们可能仍然无法工作.非常感谢您的帮助.
I am currently working on a small website. To make it look more legitimate and professional I'd like to have a green lock with my name on it in the browsing bar (EV SSL certificate). Have 2 .pem files for normal and EV SSL certificates created. The thing is: I don't know how to continue. I searched through like 50 threads on several forums including StackOverflow and haven't found anything really useful. Something was said about modifying the openssl config here, but I really don't know how the thread creator got these flags so I didn't even try them because they probably won't work anyways.I'd really appreciate help.
推荐答案
您无法生成自己签名或由自己的CA签名的证书,未经修改的浏览器会将其视为EV证书.通过在证书中具有特定于颁发证书的证书颁发机构的OID,可以将证书标记为EV.哪些机构可以颁发EV证书,哪些机构可以使用OID硬编码到浏览器中,也就是说,您需要更改源代码并重新编译浏览器以接受您自己的CA颁发的EV.
You cannot generate a certificate self-signed or signed by your own CA which is treated as EV certificate by unmodified browsers. Certificates are marked as EV by having OID in the certificate which are specific to the issuing certificate authority. Which authorities can issue EV certificates and which OID they use is hard coded into the browsers, i.e. you would need to change the source code and recompile the browsers to accept EV issued by your own CA.
有关更多信息,请参见可以建立我自己的扩展验证SSL证书?或如何生成自签名EV SSL证书?.
For more information see Can I build my own Extended Validation SSL certificate? or How to generate self-signed EV SSL Certificate?.
这篇关于创建用于本地使用的EV SSL证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!