SSL证书错误 [英] SSL certificate error
问题描述
我在选项(自签名的OpenSSL)中测试SSL密钥到本地节点服务器。
I am testing SSL acces to a local node server with key,ca,cert in options ( self-signed w OpenSSL)
var server_options = {
key: fs.readFileSync('/etc/ssl/self-signed/server.key'),
ca: fs.readFileSync('/etc/ssl/self-signed/server.csr'),
cert: fs.readFileSync('/etc/ssl/self-signed/server.crt')
};
尝试访问它:
curl -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token
使用curl我得到以下错误:
using curl I get the following error :
curl:(60)SSL证书问题,请验证CA证书是否正确。详细信息:
错误:14090086:SSL例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
=http://curl.haxx.se/ca/cacert.pem =nofollow> http://curl.haxx.se/ca/cacert.pem ,并将它们添加到我的curl- ca-bundle-new.crt文件,在一些与curl ...相关的帖子中建议,但没有办法
I downloaded the ca certificate from http://curl.haxx.se/ca/cacert.pem and add them to my curl-ca-bundle-new.crt file, as suggested in some posts related to curl... but no way
这里是日志
- 关于connect()到macMini.local port 8000(#0)
- 尝试192.168.1.14 ...
- 已连接
- 已连接到macMini.local(192.168.1.14)端口8000(#0)
- SSLv3,TLS握手,客户端问候(1):
- SSLv3,TLS握手,服务器问候
- SSLv3,TLS握手,CERT(11):
- SSLv3,TLS警报,服务器问候语(2):
- SSL证书问题,请验证CA证书是否正确。详细信息:
错误:14090086:SSL例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败
- 关闭连接#0
curl:(60)SSL证书问题, cert是OK的。详细信息:
错误:14090086:SSL例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败
更多详细信息: http://curl.haxx.se/docs/sslcerts.html
- About to connect() to macMini.local port 8000 (#0)
- Trying 192.168.1.14...
- connected
- Connected to macMini.local (192.168.1.14) port 8000 (#0)
- SSLv3, TLS handshake, Client hello (1):
- SSLv3, TLS handshake, Server hello (2):
- SSLv3, TLS handshake, CERT (11):
- SSLv3, TLS alert, Server hello (2):
- SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
- Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html
我知道我可以绕过Curl CA检查,使用:
I know I can bypass the Curl CA checking , using :
curl -k -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token
在这种情况下运行正常,我可以看到:
in which case it's running fine, I can see :
SSL证书验证结果:自签名证书(18),仍然继续。
SSL certificate verify result: self signed certificate (18), continuing anyway.
但我想知道是解决这个问题的任何方法...
but I'd like to know if there is any way to solve this issue...
推荐答案
这是您应该添加到CA软件包的自签名证书。否则,curl不能知道它可以被信任。
It's your self-signed certificate that you should add to your CA bundle. Otherwise, curl can't know it can be trusted.
这篇关于SSL证书错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!