生成自签名证书后使用失败

[liclicli]

如题，问题如下（在另外一个issue中也回复了）；另外能否直接提供测试证书，这样就可以知道是自己生成的证书有问题还是启动openssl时有问题了 openssl s_server -accept 4433 -CAfile CA.pem -cert my/svr.pem -enc_cert my/svrenc.pem Using default temp DH parameters error setting private key 140364807919272:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:340:

[liclicli]

补充： openssl verify -CAfile CA.pem my/svr.pem my/svrenc.pem my/svr.pem: OK my/svrenc.pem: OK

[jntass]

CA.pem: -----BEGIN CERTIFICATE----- MIICWjCCAgCgAwIBAgIJAOLabjc238AdMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0xODAxMjMwODMxMzdaFw0yMjAz MDMwODMxMzdaMIGCMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x FTATBgNVBAsMDFNPUkIgb2YgVEFTUzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTBZ MBMGByqGSM49AgEGCCqBHM9VAYItA0IABOiMjVdzO7Ew3GJxOHVJhp97T19g/iQj AhR7sGuZY5q51AEU2esm33UpSbc+PGwwkOuLXFWBC7oY8ClUJTbX7RejXTBbMB0G A1UdDgQWBBRfPAMQ3vRzUPxS1n41CeTi/R1nhDAfBgNVHSMEGDAWgBRfPAMQ3vRz UPxS1n41CeTi/R1nhDAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqgRzP VQGDdQNIADBFAiAaF9oRCX0p8N685qiDre5epLm3yptArP+3fRUIHozVvQIhANX2 D+S9Fvr/kz2gzjInRcySdr9s9UrzEhAbnUvizY07 -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgRgtyVxQdEco53eVL ANrt+30D0JuZw4J0j/8OtCNJBqmhRANCAATojI1XczuxMNxicTh1SYafe09fYP4k IwIUe7BrmWOaudQBFNnrJt91KUm3PjxsMJDri1xVgQu6GPApVCU21+0X -----END PRIVATE KEY-----

[jntass]

SS.pem:(Server Signature Certificate and key) -----BEGIN CERTIFICATE----- MIICGzCCAcGgAwIBAgIJAMfxC4YvO7IXMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0xODAxMjMwODMxMzdaFw0yMjAz MDMwODMxMzdaMIGGMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x FTATBgNVBAsMDEJTUkMgb2YgVEFTUzEaMBgGA1UEAwwRc2VydmVyIHNpZ24gKFNN MikwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQH6MRI2ENTFpff1XNeX5RY2ItG uOJw5ZM0YKQjjhxCyhX1Cs8Uy9EnJYio/zxQb+V6prQynJM5bPOeRAjiBdxuoxow GDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiBp+T2R aNvGcQPAVe18EzXsnJUmeD6nRKZLPj7/irLZzwIhAJWfWIwOgZBUPFEg4tE/+/M2 EamspP2DX0CR8F4Wz/LJ -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgi77akpuaDGbvNyCG 73CmzHV6nIMYmGrI/wQJsTjRo8ihRANCAAQH6MRI2ENTFpff1XNeX5RY2ItGuOJw 5ZM0YKQjjhxCyhX1Cs8Uy9EnJYio/zxQb+V6prQynJM5bPOeRAjiBdxu -----END PRIVATE KEY-----

[jntass]

SE.pem:(server encrypt certificate and key) -----BEGIN CERTIFICATE----- MIICGjCCAcCgAwIBAgIJAMfxC4YvO7IYMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0xODAxMjMwODMxMzdaFw0yMjAz MDMwODMxMzdaMIGFMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x FTATBgNVBAsMDEJTUkMgb2YgVEFTUzEZMBcGA1UEAwwQc2VydmVyIGVuYyAoU00y KTBZMBMGByqGSM49AgEGCCqBHM9VAYItA0IABFIysgD4Eq3IQAeRnCu9p5bLlhiZ rM7mMtdewdf5qa3Gd+IdN3wWws6kvWx/yiWKpjPuDijjJ0HzjUo++9PNf0SjGjAY MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgM4MAoGCCqBHM9VAYN1A0gAMEUCIBv8bfgN PMwaBMtVPpQH/RySi5IAORUhBZUe+kPEDXQ4AiEA5eyCfpDR2DvMStmjZjcYWGPB ouW8eFEmtvEoAdgtzEM= -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgnTIjYWR7XHjeT9rf 3SgtJSJRRBylR6NqImw/aZSbcgWhRANCAARSMrIA+BKtyEAHkZwrvaeWy5YYmazO 5jLXXsHX+amtxnfiHTd8FsLOpL1sf8oliqYz7g4o4ydB841KPvvTzX9E -----END PRIVATE KEY-----

[jntass]

CS.pem -----BEGIN CERTIFICATE----- MIICGzCCAcGgAwIBAgIJAMfxC4YvO7IZMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0xODAxMjMwODMxMzdaFw0yMjAz MDMwODMxMzdaMIGGMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x FTATBgNVBAsMDEJTUkMgb2YgVEFTUzEaMBgGA1UEAwwRY2xpZW50IHNpZ24gKFNN MikwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAASHn3Nh/3a+bD19R3kOypCHL9+q aLKyWHaYFaZb6Idu40Y3bzdAlkg91Jk44twV9WcWQmF93fjKAduokK4jvs46oxow GDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIGwDAKBggqgRzPVQGDdQNIADBFAiEA42Xg qlwk/W4QrHAQ/Wi68Jqi85Oap7vMxqslaCX06dsCIE8oLn9Pi3dKEMnh47q8mqOI Af7Oc4OTz6Tj687PWL1t -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgdm4nJYqwnLyIagyh Se0kfJLfzkAScEmwAxXZOhpGsEehRANCAASHn3Nh/3a+bD19R3kOypCHL9+qaLKy WHaYFaZb6Idu40Y3bzdAlkg91Jk44twV9WcWQmF93fjKAduokK4jvs46 -----END PRIVATE KEY-----

[jntass]

CE.pem -----BEGIN CERTIFICATE----- MIICGzCCAcGgAwIBAgIJAMfxC4YvO7IaMAoGCCqBHM9VAYN1MIGCMQswCQYDVQQG EwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcMB0hhaURpYW4xJTAjBgNVBAoMHEJl aWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4xFTATBgNVBAsMDFNPUkIgb2YgVEFT UzEWMBQGA1UEAwwNVGVzdCBDQSAoU00yKTAeFw0xODAxMjMwODMxMzdaFw0yMjAz MDMwODMxMzdaMIGGMQswCQYDVQQGEwJDTjELMAkGA1UECAwCQkoxEDAOBgNVBAcM B0hhaURpYW4xJTAjBgNVBAoMHEJlaWppbmcgSk5UQSBUZWNobm9sb2d5IExURC4x FTATBgNVBAsMDEJTUkMgb2YgVEFTUzEaMBgGA1UEAwwRY2xpZW50IHNpZ24gKFNN MikwWTATBgcqhkjOPQIBBggqgRzPVQGCLQNCAAQSgPB91r2mB6U8+KpWViJC9YKD 2On/4TVxvrl9jmeT9WQGueuBwHkeQpJP4XjeRvmCxCvr9YShjRzndOgImGIDoxow GDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIDODAKBggqgRzPVQGDdQNIADBFAiAwC0Bf xK+JvmFvvWjXIImkGyg37PPwa00fqZUmfUVgMQIhAPebG3DIg/FcGgYFvhALYq76 0Jbi6mpPu6A6JvgKG6Rk -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgmJuujSMG/3BaAPgp 0Cpo8+X88b+crKFxzC+nOkyYDN+hRANCAAQSgPB91r2mB6U8+KpWViJC9YKD2On/ 4TVxvrl9jmeT9WQGueuBwHkeQpJP4XjeRvmCxCvr9YShjRzndOgImGID -----END PRIVATE KEY-----

[jntass]

可以使用这几个证书试试。

[jntass]

我们刚刚上传了sm2 tls 测试证书的生成工具，在Tassl_demo/mk_tls_cert下，你可以试试看。

[liclicli]

非常感谢