具有自签名证书的CURL SSL [英] CURL SSL with self signed certificate

问题描述

我有一个使用自签名证书运行的烧瓶应用程序。我可以使用以下方式发送卷曲请求：

I have a flask application running using a self signed certificate. I'm able to send in a curl request using:

curl -v -k -H "Content-Type: application/json" -d '{"data":"value1","key":"value2"}' https://<server_ip>:<port>

详细日志显示一切顺利。

The verbose logs show that everything went alright.

我想避免使用-k（--insecure）选项，而是指定一个curl可以使用的.pem文件。查看curl手册页，我发现你可以使用--cert选项。
所以我使用这个创建了一个.pem文件：

I wanted to avoid using the -k (--insecure) option and instead specify a .pem file that curl could use. Looking at the curl man page I found that you could do this using the --cert option. So I created a .pem file using this:

openssl rsa -in server.key -text > private.pem

CURL在使用private.pem文件时会引发此错误：

CURL throws me this error when using the private.pem file:

curl: (58) unable to use client certificate (no key found or wrong pass phrase?)

有任何建议吗？ -

Any suggestions? - or is this only possible with a properly signed certificate?

推荐答案

这只是此问题的另一个版本：使用openssl从服务器获取证书

This is just another version of this question: Using openssl to get the certificate from a server

或更直接地：

使用 curl --cert 错误，它是为客户端证书。

Using curl --cert is wrong, it is for client certificates.

首先，获取您的服务器使用的证书：

First, get the the certs your server is using:

$ openssl s_client -showcerts -connect server:443 > cacert.pem

然后使您的curl命令行用于在后续操作中验证服务器： / p>

Then make your curl command line use that set to verify the server in subsequent operations:

$ curl --cacert cacert.pem https://server/ [and the rest]

这篇关于具有自签名证书的CURL SSL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！