如何找到 SSL 证书文件的路径? [英] How to find the path to a SSL cert file?

问题描述

我想使用 Python 请求来获取公司内部网页的内容(例如，https://internal.com).我可以在浏览器中看到这个页面，我可以查看证书".

I want to use Python Requests to get the contents of internal company web page (say, https://internal.com). I can see this page in the browser, and I can "view the certificate."

所以现在我想获取带有请求的网页，所以我这样做了:

So now I want to get the web page with Requests, so I do:

import requests
requests.get('https://internal.com')

但后来我得到一个 SSLError:

But then I get an SSLError:

SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

所以我想我需要指定一个证书文件:

So I guess I need to specify a cert file:

requests.get('https://example.com', cert=('/path/server.crt', '/path/key'))

但是我如何找到证书文件的路径?查看网页时，我可以从 Chrome 或 IE 获取此信息吗?还是我遗漏了一些更基本的东西?

But how do I find the path to the cert file? Can I get this info from Chrome or IE when viewing the web page? Or am I missing something even more basic?

推荐答案

cert 参数用于客户端身份验证.如果您想向服务器证明您的身份.如果这是问题，您将在服务器上收到错误消息.

The cert parameter is for client-side authentication. If you wanted to prove your identity to the server. If this was the problem you would get an error on the server.

您需要的是服务器端身份验证.服务器必须证明它的身份.由于您正在连接到内部服务器，请求在其提供的包中没有此服务器证书，因此无法确认服务器身份.您必须使用内部 CA 包提供请求.为此，您必须先从浏览器中提取它.

What you need is server-side authentication. The server has to prove it's identity. As your are connecting to an internal server requests doesn't have this server certificate in it's supplied bundle and therefore can't confirm the servers identity. You have to supply requests with your internal CA-bundle. To do this you have to extract it from your browser first.

来自文档:

You can also pass "verify" the path to a "CA_BUNDLE" file for private certs.
You can also set the "REQUESTS_CA_BUNDLE" environment variable.

Chrome(短版):

Chrome (short version):

• 把它放在你的 URL 栏中 chrome://settings/certificates
• 选择权限"标签
• 找到您的内部 CA 并点击export
• 最佳格式是Base64 编码的证书链"
• 保存到一个可以再次找到它的位置
• 现在你可以使用`request.get(url, verify=)

您还可以通过以下方式访问证书管理器:

You can also visit the certificate manager by:

(chrome的步骤，其他浏览器非常相似)

(Steps for chrome, quite similar for other browsers)

• 进入设置
• 点击底部的显示高级设置"
• HTTPS/SSL ->管理证书"
• 见上文

这篇关于如何找到 SSL 证书文件的路径?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！