使用带有cURL的自签名证书? [英] Use self signed certificate with cURL?
问题描述
我有一个使用自签名证书运行的flask应用程序。我可以使用以下命令发送卷曲请求:
I have a flask application running using a self signed certificate. I'm able to send in a curl request using:
curl -v -k -H "Content-Type: application/json" -d '{"data":"value1","key":"value2"}' https://<server_ip>:<port>
详细的日志显示一切正常。
The verbose logs show that everything went alright.
我想避免使用-k(-不安全)选项,而是指定curl可以使用的.pem文件。查看curl手册页,我发现您可以使用--cert选项执行此操作。
因此,我使用以下命令创建了一个.pem文件:
I wanted to avoid using the -k (--insecure) option and instead specify a .pem file that curl could use. Looking at the curl man page I found that you could do this using the --cert option. So I created a .pem file using this:
openssl rsa -in server.key -text > private.pem
在使用private.pem文件时,CURL会向我抛出此错误:
CURL throws me this error when using the private.pem file:
curl: (58) unable to use client certificate (no key found or wrong pass phrase?)
有什么建议吗? -还是只有经过正确签名的证书才有可能?
Any suggestions? - or is this only possible with a properly signed certificate?
Tnx
推荐答案
这只是此问题的另一个版本:使用openssl从服务器获取证书
This is just another version of this question: Using openssl to get the certificate from a server
或更直接地说:
使用 curl --cert 错误,它用于客户端证书。
Using curl --cert is wrong, it is for client certificates.
首先,获取服务器使用的证书:
First, get the the certs your server is using:
$ echo quit | openssl s_client -showcerts -servername server -connect server:443 > cacert.pem
(<< c $ c> -servername 是必需的SNI,以便您获得正确的虚拟服务器的证书)
(-servername
is necessary for SNI so that you get the right virtual server's certificate back)
然后使curl命令行使用该设置来验证后续操作中的服务器:
Then make your curl command line use that set to verify the server in subsequent operations:
$ curl --cacert cacert.pem https://server/ [and the rest]
这篇关于使用带有cURL的自签名证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!