Nginx-with-GmSSLv3 rsa证书也不能用了

修改了个寂寞，参考https://www.gmssl.cn/gmssl/index.jsp?go=CA 部署nginx1.18，使用https://www.gmssl.cn/gmssl/index.jsp?go=CA 生成证书，测试通过（rsa和sm2自适应）配置文件： server { listen 0.0.0.0:443 ssl; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA:DES-CBC3-SHA:ECC-SM4-CBC-SM3:ECDHE-SM4-GCM-SM3; ssl_verify_client off;

    ssl_certificate /usr/local/nginx/conf/ssl/server.crt;  ## rsa证书
    ssl_certificate_key /usr/local/nginx/conf/ssl/server.key;  ## rsa证书

    ssl_certificate /usr/local/nginx/conf/ssl/sm2.liuliang.com.sig.crt.pem;  ##  sm2证书
    ssl_certificate_key /usr/local/nginx/conf/ssl/sm2.liuliang.com.sig.key.pem; ##  sm2证书

    ssl_certificate_key /usr/local/nginx/conf/ssl/sm2.liuliang.com.enc.key.pem; ##  sm2证书
    ssl_certificate /usr/local/nginx/conf/ssl/sm2.liuliang.com.enc.crt.pem; ##  sm2证书

    location / {
      root html;
      index index.html index.htm;
    }
}

同样的配置和证书部署Nginx-with-GmSSLv3 无法访问，不论是国密浏览器还是火狐谷歌之类。rsa证书也不能访问

另外证书生成脚本里生成的证书，指定-key_usage digitalSignature, 是不是应该加上-key_usage digitalSignature -key_usage keyEncipherment -key_usage dataEncipherment -key_usage keyAgreement

Sep 02 '22 06:09 liuliangzzz

gmssl.cn不是GmSSL项目的官方网站。gmssl.org才是GmSSL项目的官方网站 Nginx-with-GmSSLv3 已经屏蔽了RSA的证书。

Sep 03 '22 10:09 zxm256

@zhaoxiaomeng 是否可以考虑兼容RSA证书呢？部署双证书的使用场景还是主流的

Nov 04 '22 10:11 Linshiqi

Marked as stale issue. Will be closed later if no activity for a while.

Feb 03 '23 00:02 github-actions[bot]

Nginx-with-GmSSLv3 Nginx-with-GmSSLv3 copied to clipboard

rsa证书也不能用了

Nginx-with-GmSSLv3
Nginx-with-GmSSLv3 copied to clipboard