我偶然发现了这个陷阱，发现了一个小陷阱，该陷阱导致了您遇到的相同错误:

I just stumbled over this and discovered a small pitfall which caused the same error you encountered:

在0深度查找错误18:自签名证书

error 18 at 0 depth lookup: self signed certificate

关于如何创建自签名客户端证书的指南很多，我使用了以下内容(改编自此处):

There are plenty of guides how to create a self signed client certificate, I used the following (adapted from here):

# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

# Create the Client Key and CSR
openssl genrsa -des3 -out client.key 4096
openssl req -new -key client.key -out client.csr

# Sign the client certificate with our CA cert
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt

# Convert to .p12 so import in OSX works
openssl pkcs12 -export -clcerts -inkey client.key -in client.crt -out client.p12 -name "MyKey"

但是，如果您为ca和客户证书使用相同的组织名称(例如，公司)，则会看到上述错误！

However, if you use the same Organization Name (eg, company) for both your ca and your client certificate, you will see above error!

如果openssl verify -verbose -CAfile ca.crt client.crt没有抱怨自签名证书，那您就走了.

If openssl verify -verbose -CAfile ca.crt client.crt does not complain about a self-signed certificate, you're good to go.