×

Loading...
Ad by
  • 推荐 OXIO 加拿大高速网络,最低月费仅$40. 使用推荐码 RCR37MB 可获得一个月的免费服务
Ad by
  • 推荐 OXIO 加拿大高速网络,最低月费仅$40. 使用推荐码 RCR37MB 可获得一个月的免费服务

再请教:redhat ent-linux4, when creating self-signed cert for sunone/iplanet6.1-SSL, got err "Certificate extension not found"有大侠愿意指点吗?先谢了

本文发表在 rolia.net 枫下论坛Redhat Enterprise Linux 4, sunone/iplanet6.1, (1)(2)(3)都通过了,(2)verify self-CA的结果在最后,但(4)出错,谢谢指点

(1) create a self-CA
cd /usr/sunwebsvr/alias
/usr/sunwebsvr/bin/https/admin/bin/certutil -S -s "CN=selfca" -n selfca -x -t "C,C,C" -1 -2 -5 -m 1234 -d /usr/sunwebsvr/alias -P https-rhel4a-rhel4a-

(2) verify self-CA
bash-3.00$ /usr/sunwebsvr/bin/https/admin/bin/certutil -L -n selfca -d /usr/sunwebsvr/alias -P https-rhel4a-rhel4a-

(3) create a CSR
/usr/sunwebsvr/bin/https/admin/bin/certutil -R -s "CN=sunone" -o sunone.req -d /usr/sunwebsvr/alias -P https-rhel4a-rhel4a-

(4) self-CA issue sign above CSR
/usr/sunwebsvr/bin/https/admin/bin/certutil -C -m 2345 -i sunone.req -o sunone.crt -c selfca -d /usr/sunwebsvr/alias -P https-rhel4a-rhel4a-
出错
certutil: unable to find issuer with nickname selfca: Certificate extension notfound.

(2)的结果
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1234 (0x4d2)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer: CN=selfca
Validity:
Not Before: Thu May 07 18:38:49 2009
Not After: Fri Aug 07 18:38:49 2009
Subject: CN=selfca
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
00:c1:32:36:0a:f3:1c:79:5a:69:3d:6e:c0:9b:d5:
d6:c0:47:5e:d6:d1:a6:ce:2b:ea:f7:8e:51:36:5f:
dc:59:7c:02:a5:df:cc:0c:83:d8:34:7e:53:9f:e2:
ce:02:69:3c:33:32:ab:8e:fc:a1:7e:0b:71:97:27:
78:4a:d5:81:79:05:1c:04:66:f3:22:f7:a7:8b:cd:
d6:62:56:72:f5:8d:d5:c8:4c:bb:6c:01:e7:48:92:
a4:dc:ad:1a:2f:04:54:f8:c5:27:3a:54:d0:d7:6f:
97:79:7a:a3:f4:1b:d4:8d:8d:2c:5f:b2:3d:99:b8:
1f:f2:ae:e0:0f:08:87:82:7f
Exponent: 65537 (0x10001)
Signed Extensions:
Name:
Certificate Type
Critical:
True
Data: none

Name:
Certificate Basic Constraints
Critical:
True
Data: Is a CA with a maximum path length of -2.

Name:
Certificate Key Usage
Critical:
True
Data:
03:02:02:04

Fingerprint (MD5):
D4:1D:8C:D9:8F:00:B2:04:E9:80:09:98:EC:F8:42:7E
Fingerprint (SHA1):
DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09

Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Signature:
22:83:df:94:a2:4e:91:e0:3d:80:64:9e:84:10:fd:35:60:25:
42:9e:69:8f:a9:34:ad:30:1b:a0:48:07:28:63:29:03:a7:c3:
8d:ad:bf:a5:31:ad:e5:2b:e7:1d:e2:99:de:92:92:76:c2:d3:
80:b4:4e:64:98:63:e8:fd:b4:9d:71:e8:ea:23:a9:0a:c3:fd:
c8:9b:2b:e7:41:38:22:71:45:4f:4c:d6:72:03:d1:bd:28:f9:
71:ed:4b:35:97:90:9a:9f:a4:65:09:5c:04:cb:95:f0:51:70:
32:a3:a9:b2:fc:13:10:f0:a4:d1:bb:9e:63:6a:0f:2f:1d:53:
e3:8d
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
Email Flags:
Valid CA
Trusted CA
Object Signing Flags:
Valid CA
Trusted CA更多精彩文章及讨论,请光临枫下论坛 rolia.net
Report

Replies, comments and Discussions:

  • 工作学习 / 学科技术讨论 / 请问weblogic server usually used with which commercial webserver ( vs. websphere with ibm-http in most cases on aix/win32/zos/os400; sometimes with domino ). THX
    • iplanet
      • 谢谢
    • 再请教:redhat ent-linux4, when creating self-signed cert for sunone/iplanet6.1-SSL, got err "Certificate extension not found"有大侠愿意指点吗?先谢了
      本文发表在 rolia.net 枫下论坛Redhat Enterprise Linux 4, sunone/iplanet6.1, (1)(2)(3)都通过了,(2)verify self-CA的结果在最后,但(4)出错,谢谢指点

      (1) create a self-CA
      cd /usr/sunwebsvr/alias
      /usr/sunwebsvr/bin/https/admin/bin/certutil -S -s "CN=selfca" -n selfca -x -t "C,C,C" -1 -2 -5 -m 1234 -d /usr/sunwebsvr/alias -P https-rhel4a-rhel4a-

      (2) verify self-CA
      bash-3.00$ /usr/sunwebsvr/bin/https/admin/bin/certutil -L -n selfca -d /usr/sunwebsvr/alias -P https-rhel4a-rhel4a-

      (3) create a CSR
      /usr/sunwebsvr/bin/https/admin/bin/certutil -R -s "CN=sunone" -o sunone.req -d /usr/sunwebsvr/alias -P https-rhel4a-rhel4a-

      (4) self-CA issue sign above CSR
      /usr/sunwebsvr/bin/https/admin/bin/certutil -C -m 2345 -i sunone.req -o sunone.crt -c selfca -d /usr/sunwebsvr/alias -P https-rhel4a-rhel4a-
      出错
      certutil: unable to find issuer with nickname selfca: Certificate extension notfound.

      (2)的结果
      Certificate:
      Data:
      Version: 3 (0x2)
      Serial Number: 1234 (0x4d2)
      Signature Algorithm: PKCS #1 MD5 With RSA Encryption
      Issuer: CN=selfca
      Validity:
      Not Before: Thu May 07 18:38:49 2009
      Not After: Fri Aug 07 18:38:49 2009
      Subject: CN=selfca
      Subject Public Key Info:
      Public Key Algorithm: PKCS #1 RSA Encryption
      RSA Public Key:
      Modulus:
      00:c1:32:36:0a:f3:1c:79:5a:69:3d:6e:c0:9b:d5:
      d6:c0:47:5e:d6:d1:a6:ce:2b:ea:f7:8e:51:36:5f:
      dc:59:7c:02:a5:df:cc:0c:83:d8:34:7e:53:9f:e2:
      ce:02:69:3c:33:32:ab:8e:fc:a1:7e:0b:71:97:27:
      78:4a:d5:81:79:05:1c:04:66:f3:22:f7:a7:8b:cd:
      d6:62:56:72:f5:8d:d5:c8:4c:bb:6c:01:e7:48:92:
      a4:dc:ad:1a:2f:04:54:f8:c5:27:3a:54:d0:d7:6f:
      97:79:7a:a3:f4:1b:d4:8d:8d:2c:5f:b2:3d:99:b8:
      1f:f2:ae:e0:0f:08:87:82:7f
      Exponent: 65537 (0x10001)
      Signed Extensions:
      Name:
      Certificate Type
      Critical:
      True
      Data: none

      Name:
      Certificate Basic Constraints
      Critical:
      True
      Data: Is a CA with a maximum path length of -2.

      Name:
      Certificate Key Usage
      Critical:
      True
      Data:
      03:02:02:04

      Fingerprint (MD5):
      D4:1D:8C:D9:8F:00:B2:04:E9:80:09:98:EC:F8:42:7E
      Fingerprint (SHA1):
      DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09

      Signature Algorithm: PKCS #1 MD5 With RSA Encryption
      Signature:
      22:83:df:94:a2:4e:91:e0:3d:80:64:9e:84:10:fd:35:60:25:
      42:9e:69:8f:a9:34:ad:30:1b:a0:48:07:28:63:29:03:a7:c3:
      8d:ad:bf:a5:31:ad:e5:2b:e7:1d:e2:99:de:92:92:76:c2:d3:
      80:b4:4e:64:98:63:e8:fd:b4:9d:71:e8:ea:23:a9:0a:c3:fd:
      c8:9b:2b:e7:41:38:22:71:45:4f:4c:d6:72:03:d1:bd:28:f9:
      71:ed:4b:35:97:90:9a:9f:a4:65:09:5c:04:cb:95:f0:51:70:
      32:a3:a9:b2:fc:13:10:f0:a4:d1:bb:9e:63:6a:0f:2f:1d:53:
      e3:8d
      Certificate Trust Flags:
      SSL Flags:
      Valid CA
      Trusted CA
      Email Flags:
      Valid CA
      Trusted CA
      Object Signing Flags:
      Valid CA
      Trusted CA更多精彩文章及讨论,请光临枫下论坛 rolia.net
      • Answer my own Q: I start using openssl to sign CSR generated from iplanet. Now self-signed-cert is shown in admin-console | manage-cert but I am having trouble to start https
      • if you use self-sign cert, you dont' need CSR.