一段时间以来,我一直在使用我的内部系统使用相同的通配符证书。 我已经添加(并信任)证书到我的OSX钥匙串。 不过,当我尝试通过Chrome访问我的网站时,仍然收到错误消息:
Attackers might be trying to steal your information from jenkins.kensnet.priv (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID Subject: *.kensnet.priv Issuer: *.kensnet.priv Expires on: Oct 18, 2023 Current date: May 16, 2017 This server could not prove that it is jenkins.kensnet.priv; its security certificate is from [missing_subjectAltName]. This may be caused by a misconfiguration or an attacker intercepting your connection. 我如何让Chrome允许这个通配符证书?
您需要重新创build证书并分配一个SubjectAltName。 这对我在OSX 10.11.6 Brew适用:
openssl req -x509 -sha256 -nodes -days 3650 \ -newkey rsa:2048 -keyout visible.priv.key \ -out kensnet.priv.crt -subj "/CN=*.kensnet.priv" \ -reqexts SAN -extensions SAN -config <(cat /usr/local/etc/openssl/openssl.cnf \ <(printf '[SAN]\nsubjectAltName=DNS:*.kensnet.priv'))