My windows system has already imported the nginx certificate, why is it still unsafe?
saodis opened this issue · comments
Asking for help
I used cfssl to generate an nginx certificate as follows:
tee ca-csr.json <<- "EOF"
{
"CN": "cfssl",
"hosts": [
"10.17.38.191"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"ST": "California",
"L": "San Francisco",
"O": "cfssl",
"OU": "devops"
}
]
}
EOF
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
tee ca-config.json <<- "EOF"
{
"signing": {
"default": {
"expiry": "8760h"
},
"profiles": {
"nginx": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "8760h"
}
}
}
}
EOF
tee nginx-csr.json <<- "EOF"
{
"CN": "10.17.38.191",
"hosts": [
"10.17.38.191"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "Beijing",
"L": "Beijing",
"O": "nginx",
"OU": "devops"
}
]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=nginx nginx-csr.json | cfssljson -bare nginx