7
我測試與關鍵,CA證書在選擇本地節點服務器的SSL訪問(自簽名W¯¯的OpenSSL)SSL證書錯誤
var server_options = {
key: fs.readFileSync('/etc/ssl/self-signed/server.key'),
ca: fs.readFileSync('/etc/ssl/self-signed/server.csr'),
cert: fs.readFileSync('/etc/ssl/self-signed/server.crt')
};
試圖訪問它:
curl -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token
使用curl我得到以下錯誤:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
我從http://curl.haxx.se/ca/cacert.pem下載CA證書,並將其添加到我的捲曲-C一個束-new.crt文件,如捲曲相關的一些帖子建議......但是沒辦法
這裏是日誌
- About to connect() to macMini.local port 8000 (#0)
- Trying 192.168.1.14...
- connected
- Connected to macMini.local (192.168.1.14) port 8000 (#0)
- SSLv3, TLS handshake, Client hello (1):
- SSLv3, TLS handshake, Server hello (2):
- SSLv3, TLS handshake, CERT (11):
- SSLv3, TLS alert, Server hello (2):
- SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
- Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html
我知道我可以繞過捲曲CA檢查,使用:
curl -k -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token
在這種情況下,它運行良好,我可以看到:
SSL certificate verify result: self signed certificate (18), continuing anyway.
,但我想知道是否有任何方式ŧ o解決此問題...
謝謝,我只是有一些困難找到cacert.pem在OSX(10.8)上的位置見上面.... – erwin