{"id":423,"date":"2018-05-20T10:17:04","date_gmt":"2018-05-20T09:17:04","guid":{"rendered":"http:\/\/blog.chen-hongyi.com\/?p=423"},"modified":"2018-05-20T10:17:04","modified_gmt":"2018-05-20T09:17:04","slug":"%e6%b7%bb%e5%8a%a0%e6%9c%ac%e5%9c%b0%e8%87%aa%e7%ad%be%e5%90%8d%e8%af%81%e4%b9%a6%e5%90%8e%e7%bb%ad","status":"publish","type":"post","link":"https:\/\/chen-hongyi.com\/?p=423","title":{"rendered":"\u6dfb\u52a0\u672c\u5730\u81ea\u7b7e\u540d\u8bc1\u4e66\u540e\u7eed"},"content":{"rendered":"<p>\u6628\u5929\u6dfb\u52a0\u4e86\u81ea\u7b7e\u540d\u8bc1\u4e66\u540e\uff0c\u53d1\u73b0chrom \u8fd8\u662f\u4e0d\u8ba4\u53ef\uff0c\u8ba4\u4e3a\u8be5\u8bc1\u4e66\u7f3a\u5c11SAN (Subject Altenative Name).<br \/>\n\u539f\u6765chrome 57\u4ee5\u540e\uff0c\u52a0\u5165\u4e86\u8fd9\u4e2a\u8ba4\u8bc1\uff0e\u6240\u4ee5\u8fd8\u9700\u8981\u91cd\u65b0\u751f\u6210\u8bc1\u4e66\uff0e\u3000\u8fd9\u6b21\u4e3b\u8981\u53c2\u8003\u4e86\u8fd9\u7bc7\u6587\u7ae0<\/p>\n<p><a href=\"https:\/\/moxo.io\/blog\/2017\/08\/01\/%E7%AC%94%E8%AE%B0openssl-%E7%94%9F%E6%88%90%E8%87%AA%E7%AD%BE%E5%90%8D%E8%AF%81%E4%B9%A6%E9%81%87%E5%88%B0%E7%9A%84-missing_subjectaltname-%E9%97%AE%E9%A2%98\/\" rel=\"noopener\" target=\"_blank\">\u7b14\u8bb0\uff1aOpenSSL \u751f\u6210\u300c\u81ea\u7b7e\u540d\u300d\u8bc1\u4e66\u9047\u5230\u7684 missing_subjectAltName \u95ee\u9898<\/a><\/p>\n<p>\u548c<\/p>\n<p><a href=\"https:\/\/security.stackexchange.com\/questions\/74345\/provide-subjectaltname-to-openssl-directly-on-command-line\/159537#159537\" rel=\"noopener\" target=\"_blank\">Provide subjectAltName to openssl directly on command line<\/a><\/p>\n<p>\u91cd\u65b0\u6539\u8fdb\u7684\u751f\u6210\u8bc1\u4e66\u7684\u987a\u5e8f\u5982\u4e0b<br \/>\n<code><br \/>\n--<br \/>\n--\u3000Step 1 CA KEY<br \/>\n--<br \/>\nopenssl genrsa -out ca.key 2048<\/p>\n<p>--<br \/>\n-- Step 2 CA CRT<br \/>\n--<br \/>\nopenssl req -new -x509 -days 365 -key ca.key -subj \"\/C=CN\/ST=GD\/L=SZ\/O=Acme, Inc.\/CN=Acme Root CA\" -out ca.crt<\/p>\n<p>--<br \/>\n-- Step 3 CSR<br \/>\n--<br \/>\nopenssl req -newkey rsa:2048 -nodes -keyout server.key -subj \"\/C=CN\/ST=GD\/L=SZ\/O=Acme, Inc.\/CN=*.delianholiday.vm\" -out server.csr<\/p>\n<p>--<br \/>\n-- Step 4 Server CRT<br \/>\n--<br \/>\nopenssl x509 -req -extfile <(printf \"subjectAltName=DNS:delianholiday.vm,DNS:www.delianholiday.vm\") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt\n<\/code><\/p>\n<p>\u7136\u540e\u5728apache\u7684vhost\u914d\u7f6e\u5185\u52a0\u4e0a<\/p>\n<p><code><br \/>\n  \u3000\u3000\u3000\u3000#adding custom SSL cert<br \/>\n        SSLEngine on<br \/>\n        SSLCertificateFile    \/var\/www\/delianholiday_web\/cert\/server.crt<br \/>\n        SSLCertificateKeyFile \/var\/www\/delianholiday_web\/cert\/server.key<br \/>\n        SSLCACertificateFile  \/var\/www\/delianholiday_web\/cert\/ca.crt<\/p>\n<p><\/code><\/p>\n<p>\u7136\u540e\u5728chrome\u5bfc\u5165server.crt\u548cca.crt \u4e24\u4e2a\u8bc1\u4e66\uff0c\u91cd\u542fchrome\u540e\u5c31\u641e\u5b9a\u4e86\uff0e<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6628\u5929\u6dfb\u52a0\u4e86\u81ea\u7b7e\u540d\u8bc1\u4e66\u540e\uff0c\u53d1\u73b0chrom \u8fd8\u662f\u4e0d\u8ba4\u53ef\uff0c\u8ba4\u4e3a\u8be5\u8bc1\u4e66\u7f3a\u5c11SAN (Su &hellip; <a href=\"https:\/\/chen-hongyi.com\/?p=423\">\u7ee7\u7eed\u9605\u8bfb <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[71],"class_list":["post-423","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-ssl-apache-san"],"_links":{"self":[{"href":"https:\/\/chen-hongyi.com\/index.php?rest_route=\/wp\/v2\/posts\/423","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chen-hongyi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chen-hongyi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chen-hongyi.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chen-hongyi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=423"}],"version-history":[{"count":1,"href":"https:\/\/chen-hongyi.com\/index.php?rest_route=\/wp\/v2\/posts\/423\/revisions"}],"predecessor-version":[{"id":424,"href":"https:\/\/chen-hongyi.com\/index.php?rest_route=\/wp\/v2\/posts\/423\/revisions\/424"}],"wp:attachment":[{"href":"https:\/\/chen-hongyi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chen-hongyi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chen-hongyi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}