SSL证书颁发:自签名证书

Question

当我对专用服务器执行https请求时，有一个问题要验证我的证书

我运行这个命令来创建我的证书和私钥：

openssl req -x509 -newkey rsa:4096 -keyout key.pem -passout file:passphrase.txt -out cert.pem -days 365

当我运行命令查看证书和密钥是否匹配时，它们是否匹配

然后，我设置了我的ssl服务器：

server {

# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
server_name mydomain.com;
ssl on;
ssl_certificate           /pathtocert.pem;
ssl_certificate_key       /pathtokey.pem;
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
ssl_password_file         /pathtopassphrase.txt;

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /pathtocert.pem;
# Google DNS, Open DNS, Dyn DNS
resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 216.146.35.35 216.146.36.36 valid=300s;
resolver_timeout 3s;

但当我执行卷发请求时：

// OPTIONS:
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
  "APIKEY: " . self::APIKEY,
  'Content-Type: application/json',
));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);

//curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_CAINFO, public_path() . "\CA\Something.crt");

// EXECUTE:
$result = curl_exec($curl);

我得到的证书如下：

SSL:无法从对等证书中获取公共名称

我必须简单地保护我的API，这是我的目标。

Answer 1

我是用这些命令创建的，每次都适用于我。

$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
$ rm server.pass.key
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

这是我的nginx.conf

server {
    listen 443 default_server ssl http2;

    server_name IP_ADRESS;

    ssl_certificate /home/NAMEOFCOMPUTER/keys/server.crt;
    ssl_certificate_key /home/NAMEOFCOMPUTER/keys/server.key;
    ssl_session_cache shared:SSL:10m;

    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/htpasswd.kibana;

    location / {
        proxy_pass http://localhost:5601;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}