curl – SSL证书错误

发布时间：2020-12-13 18:31:26 所属栏目：Linux 来源：网络整理

导读：我正在使用key,ca,cert in options测试对本地节点服务器的SSL访问(自签名w OpenSSL) var server_options = { key: fs.readFileSync('/etc/ssl/self-signed/server.key'),ca: fs.readFileSync('/etc/ssl/self-signed/server.csr'),cert: fs.readFileSync('/et

我正在使用key,ca,cert in options测试对本地节点服务器的SSL访问(自签名w OpenSSL)

var server_options = {
  key: fs.readFileSync('/etc/ssl/self-signed/server.key'),ca: fs.readFileSync('/etc/ssl/self-signed/server.csr'),cert: fs.readFileSync('/etc/ssl/self-signed/server.crt')
};

试图访问它：

curl -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token

使用curl我收到以下错误：

curl: (60) SSL certificate problem,verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

我从http://curl.haxx.se/ca/cacert.pem下载了ca证书并将它们添加到我的curl-ca-bundle-new.crt文件中,正如一些与curl相关的帖子中所建议的那样……但是没办法

这是日志

About to connect() to macMini.local port 8000 (#0)

Trying 192.168.1.14…

connected

Connected to macMini.local (192.168.1.14) port 8000 (#0)

SSLv3,TLS handshake,Client hello (1):

SSLv3,Server hello (2):

SSLv3,CERT (11):

SSLv3,TLS alert,Server hello (2):

SSL certificate problem,verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Closing connection #0
curl: (60) SSL certificate problem,verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: 07001

我知道我可以绕过Curl CA检查,使用：

curl -k -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token

在这种情况下运行正常,我可以看到：

SSL certificate verify result: self signed certificate (18),continuing anyway.

但是我想知道是否有办法解决这个问题……

解决方法

这是您应该添加到CA捆绑包的自签名证书.否则,curl无法知道它可以信任.

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!