具有扩展密钥用法的证书仅适用于Firefox

我试图生成一个自我签名证书到我的服务器的多个域。 我使用基于v3_req扩展名的openssl。 我使用这个命令行来生成具有多个域和扩展密钥用法的证书:

openssl x509 -req -days 3650 -in san_domain_com.csr -signkey san_domain_com.key -out san_domain_com.crt -extensions v3_req -extensions mysection -extfile openssl.cnf 

这是我的证书包含多个域的结果,但不是serverauth的扩展密钥用法,而且clientauth也只能从Firefox访问我的网站。 有人有这个想法吗? 谢谢

我的openssl.conf文件是这样构造的:

 # # OpenSSL example configuration file. # This is mostly being used for generation of certificate requests. # # This definition stops the following lines choking if HOME isn't # defined. HOME = . RANDFILE = $ENV::HOME/.rnd # Extra OBJECT IDENTIFIER info: #oid_file = $ENV::HOME/.oid oid_section = new_oids # To use this configuration file with the "-extfile" option of the # "openssl x509" utility, name here the section containing the # X.509v3 extensions to use: # extensions = # (Alternatively, use a configuration file that has only # X.509v3 extensions in its main [= default] section.) [ new_oids ] # We can add new OIDs in here for use by 'ca' and 'req'. # Add a simple OID like this: # testoid1=1.2.3.4 # Or use config file substitution like this: # testoid2=${testoid1}.5.6 streetAddress = 2.5.4.9 postalCode = 2.5.4.17 POBox = 2.5.4.18 #################################################################### [ ca ] default_ca = CA_default # The default ca section #################################################################### [ CA_default ] dir = ./demoCA # Where everything is kept certs = $dir/certs # Where the issued certs are kept crl_dir = $dir/crl # Where the issued crl are kept database = $dir/index.txt # database index file. new_certs_dir = $dir/newcerts # default place for new certs. certificate = $dir/cacert.pem # The CA certificate serial = $dir/serial # The current serial number crl = $dir/crl.pem # The current CRL private_key = $dir/private/cakey.pem# The private key RANDFILE = $dir/private/.rand # private random number file x509_extensions = usr_cert # The extentions to add to the cert # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs # so this is commented out by default to leave a V1 CRL. # crl_extensions = crl_ext default_days = 365 # how long to certify for default_crl_days= 30 # how long before next CRL default_md = sha1 # which md to use preserve = no # keep passed DN ordering # A few difference way of specifying how similar the request should look # For type CA, the listed attributes must be the same, and the optional # and supplied fields are just that :-) policy = policy_match # For the CA policy [ policy_match ] countryName = match stateOrProvinceName = match organizationName = match organizationalUnitName = optional commonName = supplied emailAddress = optional # For the 'anything' policy # At this point in time, you must list all acceptable 'object' # types. [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional #################################################################### [ req ] default_bits = 2048 default_keyfile = privkey.pem default_md = sha1 distinguished_name = req_distinguished_name req_extensions = v3_req #attributes = req_attributes x509_extensions = v3_ca # The extentions to add to the self signed cert # Passwords for private keys if not present they will be prompted for # input_password = secret # output_password = secret # This sets a mask for permitted string types. There are several options. # default: PrintableString, T61String, BMPString. # pkix : PrintableString, BMPString. # utf8only: only UTF8Strings. # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). # MASK:XXXX a literal mask value. # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings # so use this option with caution! string_mask = nombstr # req_extensions = v3_req # The extensions to add to a certificate request [ req_distinguished_name ] countryName = Nom du pays (code ISO a 2 lettres) countryName_default = FR countryName_min = 2 countryName_max = 2 stateOrProvinceName = Nom du departement stateOrProvinceName_default = Alpes Maritimes stateOrProvinceName_max = 64 localityName = Nom de la ville localityName_default = Nice localityName_max = 64 organizationName = Raison Sociale (nom officiel de l organisation) organizationName_default = Michel Durand SA organizationName_max = 64 # we can do this but it is not needed normally :-) #1.organizationName = Second Organization Name (eg, company) #1.organizationName_default = World Wide Web Pty Ltd organizationalUnitName = Nom commercial, service, ou texte libre (optionnel) organizationalUnitName_default = Fourni par TBS internet organizationalUnitName_max = 64 commonName = Adresse du site a securiser (FQDN de votre site) commonName_default = www.monsitessl.fr commonName_max = 64 # SET-ex3 = SET extension number 3 [ req_attributes ] challengePassword = A challenge password challengePassword_min = 4 challengePassword_max = 20 unstructuredName = An optional company name [ usr_cert ] # These extensions are added when 'ca' signs a request. # This goes against PKIX guidelines but some CAs do it and some software # requires this to avoid interpreting an end user certificate as a CA. basicConstraints=CA:FALSE # Here are some examples of the usage of nsCertType. If it is omitted # the certificate can be used for anything *except* object signing. # This is OK for an SSL server. # nsCertType = server # For an object signing certificate this would be used. # nsCertType = objsign # For normal client use this is typical # nsCertType = client, email # and for everything including object signing: # nsCertType = client, email, objsign # This is typical in keyUsage for a client certificate. # keyUsage = nonRepudiation, digitalSignature, keyEncipherment # This will be displayed in Netscape's comment listbox. nsComment = "OpenSSL Generated Certificate" # PKIX recommendations harmless if included in all certificates. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always # This stuff is for subjectAltName and issuerAltname. # Import the email address. # subjectAltName=email:copy # Copy subject details # issuerAltName=issuer:copy #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem #nsBaseUrl #nsRevocationUrl #nsRenewalUrl #nsCaPolicyUrl #nsSslServerName [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = abc.bce.com DNS.2 = abc.bced.com DNS.3 = abc.bced.com [ mysection ] keyUsage = digitalSignature extendedKeyUsage = codeSigning [ v3_ca ] # Extensions for a typical CA # PKIX recommendation. subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always,issuer:always # This is what PKIX recommends but some broken software chokes on critical # extensions. #basicConstraints = critical,CA:true # So we do this instead. basicConstraints = CA:true # Key usage: this is typical for a CA certificate. However since it will # prevent it being used as an test self-signed certificate it is best # left out by default. # keyUsage = cRLSign, keyCertSign # Some might want this also # nsCertType = sslCA, emailCA # Include email address in subject alt name: another PKIX recommendation # subjectAltName=email:copy # Copy issuer details # issuerAltName=issuer:copy # DER hex encoding of an extension: beware experts only! # obj=DER:02:03 # Where 'obj' is a standard or added object # You can even override a supported extension: # basicConstraints= critical, DER:30:03:01:01:FF [ crl_ext ] # CRL extensions. # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. # issuerAltName=issuer:copy authorityKeyIdentifier=keyid:always,issuer:always 

Solutions Collecting From Web of "具有扩展密钥用法的证书仅适用于Firefox"

有人有这个想法吗?

浏览器参与CA /浏览器论坛。 另一方是公共CA. 有人称他们为“卡特尔”。 浏览器有一个称为“浏览器安全模型”或“Web应用程序安全模型”的安全模型。 在这个安全模型中,使用了一个预定义的可信锚点集合。

卡特尔期望终端实体(服务器)证书由浏览器携带的可信存储中的公共CA签名。 由于Chromium使用操作系统的信任存储,因此有些人可能会放弃“随身携带”。

我希望您可能没有正确安装您正在测试的其他浏览器的自签名证书。

你没有向我们证明造成你麻烦的证书,所以我们只能推测它是否正确或有效。 但是我会尝试回答你关于密钥使用和扩展密钥使用的问题。


我的openssl.conf文件是这样构造的…

 [ mysection ] keyUsage = digitalSignature extendedKeyUsage = codeSigning 

这是一个奇怪的组合。 你在用吗? 如果是这样,你为什么使用它? (如果您发布了证书,这将会很有帮助)。

下面是来自谷歌,微软和雅虎的一些证书。 他们的服务器证书包括代码签名,并且包含一些额外的用法。

 $ openssl s_client -connect www.google.com:443 | openssl x509 -text -noout | grep -A 1 -i key ... X509v3 Extended Key Usage: TLS Web server Authentication, TLS Web Client Authentication -- X509v3 Subject Key Identifier: 30:11:ED:AE:FE:C3:60:32:1D:CF:9C:B7:4B:B4:E3:DD:2D:1D:FC:40 -- X509v3 Authority Key Identifier: keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F $ openssl s_client -connect www.microsoft.com:443 | openssl x509 -text -noout | grep -A 1 -i key ... X509v3 Key Usage: Digital Signature, Key Encipherment, Data Encipherment X509v3 Extended Key Usage: TLS Web Client Authentication, TLS Web server Authentication -- X509v3 Subject Key Identifier: 2B:DB:4A:3F:90:02:48:9E:0F:89:21:E2:EB:4A:73:1E:E0:0F:85:6B -- X509v3 Authority Key Identifier: keyid:EB:DB:11:5E:F8:09:9E:D8:D6:62:9C:FD:62:9D:E3:84:4A:28:E1:27 $ openssl s_client -connect www.yahoo.com:443 | openssl x509 -text -noout | grep -A 1 -i key ... X509v3 Key Usage: critical Digital Signature, Key Encipherment X509v3 Extended Key Usage: TLS Web server Authentication, TLS Web Client Authentication -- X509v3 Authority Key Identifier: keyid:0D:44:5C:16:53:44:C1:82:7E:1D:20:AB:25:F4:01:63:D8:BE:79:A5 

扩展密钥使用证书只适用于Firefox …

根据RFC 5280 ,扩展密钥使用是可选的。 另一个标准是CA /浏览器论坛基线要求 ,以及大多数公共CA使用的颁发证书的策略。 我不能告诉CA / B BR关于最终实体证书的说法,因为它很混乱。

密钥用法

首先,RSA证书的密钥使用通常是digitalSignaturekeyEncipherment

如果您拥有Diffie-Hellman参数的证书,那么您将使用keyAgreement 。 我从来没有见过Diffie-Hellman签名(我认为这是ElGamal签名),所以我不认为具有Diffie-Hellman参数的证书应该包含digitalSignature

您不应该使用dataEncipherment因为您不想使用dataEncipherment进行批量加密; 而只是希望传输用于批量加密的密钥(相对于keyEncipherment )。

nonRepudiation没有任何意义,所以不要使用它。

扩展密钥的使用

其次,RFCs状态(在4.2.1.12节): “[EKU]表示可以使用经过认证的公钥的一个或多个目的,除了或代替在关键用法扩展中指明的基本目的” 。 根据CA /浏览器论坛基准要求 ,我认为扩展密钥用法对于终端实体证书是可选的。 附录(B)(3)(G)是混淆的,我只能说“我认为”。 不过,我相当确定EKU对于从属CA证书是强制性的。

因为我把扩展键用法作为一个可选的属性,所以我通常会忽略它。 如果我打算包含它,我将使用serverAuth和可能的clientAuth (它们应该是相互排斥的,但我经常在证书中看到它们)。

配置文件

这里是我用来生成自签名证书进行测试的CONF文件。 它是最小的,不包括来自OpenSSL配置文件的额外部分。 我从来没有在图书馆或浏览器有问题。

您将不得不取消注释# extendedKeyUsage = serverAuth, clientAuth并修改它以适应您的口味。

 # Self Signed (note the addition of -x509): # openssl req -config example-com.conf -new -x509 -newkey rsa:2048 -nodes -keyout example-com.key.pem -days 365 -out example-com.cert.pem # Signing Request (note the lack of -x509): # openssl req -config example-com.conf -new -newkey rsa:2048 -nodes -keyout example-com.key.pem -days 365 -out example-com.req.pem # Print it: # openssl x509 -in example-com.cert.pem -text -noout # openssl req -in example-com.req.pem -text -noout [ req ] default_bits = 2048 default_keyfile = server-key.pem distinguished_name = subject req_extensions = req_ext x509_extensions = x509_ext string_mask = utf8only # The Subject DN can be formed using X501 or RFC 4514 (see RFC 4519 for a description). # Its sort of a mashup. For example, RFC 4514 does not provide emailAddress. [ subject ] countryName = Country Name (2 letter code) countryName_default = US stateOrProvinceName = State or Province Name (full name) stateOrProvinceName_default = NY localityName = Locality Name (eg, city) localityName_default = New York organizationName = Organization Name (eg, company) organizationName_default = Example, LLC # Use a friendly name here because its presented to the user. The server's DNS # names are placed in Subject Alternate Names. Plus, DNS names here is deprecated # by both IETF and CA/Browser Forums. commonName = Common Name (eg server FQDN or YOUR name) commonName_default = Example Company emailAddress = Email Address emailAddress_default = test@example.com # Section x509_ext is used when generating a self-signed certificate. Ie, openssl req -x509 ... [ x509_ext ] subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment subjectAltName = @alternate_names nsComment = "OpenSSL Generated Certificate" # RFC 5280, Section 4.2.1.12 makes EKU optional # CA/Browser Baseline Requirements, Appendix (B)(3)(G) makes me confused # extendedKeyUsage = serverAuth, clientAuth # Section req_ext is used when generating a certificate signing request. Ie, openssl req ... [ req_ext ] subjectKeyIdentifier = hash basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment subjectAltName = @alternate_names nsComment = "OpenSSL Generated Certificate" # RFC 5280, Section 4.2.1.12 makes EKU optional # CA/Browser Baseline Requirements, Appendix (B)(3)(G) makes me confused # extendedKeyUsage = serverAuth, clientAuth [ alternate_names ] DNS.1 = example.com DNS.2 = www.example.com DNS.3 = mail.example.com DNS.4 = ftp.example.com # Add these if you need them. But usually you don't want them or # need them in production. You may need them for development. # DNS.5 = localhost # DNS.6 = localhost.localdomain # DNS.7 = 127.0.0.1 # IPv6 localhost # DNS.8 = ::1 # DNS.9 = fe80::1