日期:2014-05-17  浏览次数:20969 次

Apache2.2 代理 https 搭建 CA.sh创建失败。在线等!!
CA certificate filename (or enter to create)

Making CA certificate ...
Generating a 1024 bit RSA private key
..............................++++++
...........++++++
writing new private key to './demoCA/private/./cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:cn
State or Province Name (full name) [Berkshire]:cn
Locality Name (eg, city) [Newbury]:cn
Organization Name (eg, company) [My Company Ltd]:cn
Organizational Unit Name (eg, section) []:cn
Common Name (eg, your name or your server's hostname) []:sslserver  
Email Address []:test@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:****************
An optional company name []:
unknown option -create_serial
usage: ca args

 -verbose - Talk alot while doing things
 -config file - A config file
 -name arg - The particular CA definition to use
 -gencrl - Generate a new CRL
 -crldays days - Days is when the next CRL is due
 -crlhours hours - Hours is when the next CRL is due
 -startdate YYMMDDHHMMSSZ - certificate validity notBefore
 -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)
 -days arg - number of days to certify the certificate for
 -md arg - md to use, one of md2, md5, sha or sha1
 -policy arg - The CA 'policy' to support
 -keyfile arg - private key file
 -keyform arg - private key file format (PEM or ENGINE)
 -key arg - key to decode the private key if it is encrypted
 -cert file - The CA certificate
 -in file - The input PEM encoded certificate request(s)
 -out file - Where to put the output file(s)
 -outdir dir - Where to put output certificates
 -infiles .... - The last argument, requests to process
 -spkac file - File contains DN and signed public key and challenge
 -ss_cert file - File contains a self signed cert to sign
 -preserveDN - Don't re-order the DN
 -noemailDN - Don't add the EMAIL field into certificate' subject
 -batch - Don't ask questions
 -msie_hack - msie modifications to handle all those universal strings
 -revoke file - Revoke a certificate (given in file)
 -subj arg - Use arg instead of request's subject
 -extensions .. - Extension section (override value in config file)
 -extfile file - Configuration file with X509v3 extentions to add
 -crlexts .. - CRL extension section (override value in config file)
 -engine e - use engine e, possibly a hardware device.
 -status serial - Shows certificate status given the serial number
 -updatedb - Updates db for expired certificates

上面的到底是什么问题?
谢谢!!


------解决方案--------------------
unknown option -create_serial

这句是关键....