workspaces only allow trusted client with self-signed cert

2019-11-26 17:47 divl 阅读(216) 评论(0) 收藏举报

1. 生成CA

openssl genrsa -out CA_neonone.com.key 2048
openssl req -x509 -new -nodes -key CA_neonone.com.key -sha256 -days 1024 -out CA_neonone.com.pem

2. 生成csr

openssl genrsa -out neonone.com.key 2048
openssl req -new -key neonone.com.key -out neonone.com.csr

3. 新建v3.ext文件

authorityKeyIdentifier=keyid,issuer
extendedKeyUsage = serverAuth, clientAuth, codeSigning, emailProtection
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

4. 生成证书

 openssl x509 -req -in neonone.com.csr -CA CA_neonone.com.pem -CAkey CA_neonone.com.key -CAcreateserial -out neonone.com.pem -days 365 -sha256 -extfile v3.ext

5. 转换成pfx

openssl pkcs12 -inkey neonone.com.key  -in neonone.com.pem  -export -out neonone.com.pfx

6. 导入win7

运行 Certmgr.msc

　　6.1 导入根证书

　　6.2 导入客户端证书

7. 上传根证书到aws workspace ad

刷新页面返回顶部

divl

workspaces only allow trusted client with self-signed cert

About