2013-06-26 118 views
0

Gitblit: Unknown SSL protocol error in connection to mydomain:443

I am hosting a gitblit server on EC2. I made my own certificate with StartSSL, and I am able to:

  1. Access the gitblit website over HTTPS (browser) from localhost
  2. Clone (on the server itself)

When I try from the terminal using the Mac OS git client, I get:

export $GIT_CURL_VERBOSE=1 
git clone https://[email protected]/git/testing123.git 
cloning into 'testing123'... 
* Couldn't find host mydomain.com in the .netrc file; using defaults 
* About to connect() to mydomain.com port 443 (#0) 
* Trying xxx.xxx.xxx.xxx... 
* Connected to mydomain.com (xxx.xxx.xxx.xxx) port 443 (#0) 
* Connected to mydomain.com (xxx.xxx.xxx.xxx) port 443 (#0) 
* successfully set certificate verify locations: 
* CAfile: /opt/local/share/curl/curl-ca-bundle.crt 
    CApath: none 
* Unknown SSL protocol error in connection to mydomain.com:443 
* Closing connection #0 
error: Unknown SSL protocol error in connection to mydomain.com:443 while accessing https://[email protected]/git/testing123.git/info/refs 
fatal: HTTP request failed 

Using OpenSSL from my computer, I get:

OpenSSL> s_client -tls1_2 -connect mydomain.com:443 
CONNECTED(00000003) 
140735107039708:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596: 
--- 
no peer certificate available 
--- 
No client certificate CA names sent 
--- 
SSL handshake has read 0 bytes and written 0 bytes 
--- 
New, (NONE), Cipher is (NONE) 
Secure Renegotiation IS NOT supported 
Compression: NONE 
Expansion: NONE 
SSL-Session: 
    Protocol : TLSv1.2 
    Cipher : 0000 
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg : None 
    PSK identity: None 
    PSK identity hint: None 
    SRP username: None 
    Start Time: 1372280840 
    Timeout : 7200 (sec) 
    Verify return code: 0 (ok) 
--- 
error in s_client 

Since my server does not need to have X11, I had to create my own keystores. I stored:

serverKeyStore.jks

  • mydomain private key
  • mydomain class 1 primary intermediate cert
  • startcom CA
  • startcom class 1 primary intermediate CA

serverTrustStore.jks

  • startcom CA
  • startcom class 1 primary client CA
  • startcom class 1 primary server CA

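I don't know if this is correct. If I had to store myself in the store to make this work, believe me, I would. I searched so hard that I almost hit the end of the internet (and we all know there are a lot of goats there x_X). So I don't know what else to do.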

Versions:

git 1.7.11.1 
OpenSSL 1.0.1e 11 Feb 2013 

curl 7.26.0 (x86_64-apple-darwin11.3.0) libcurl/7.26.0 OpenSSL/1.0.1e zlib/1.2.8 libidn/1.25 
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp 
Features: IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP 

Answers

1

Try commenting out the line

#server.certificateAlias = localhost

or change it to something like the following

server.certificateAlias = "Your domain cert alias in key store"
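
A way to check the suggestion above before restarting the server, as an added example that is not part of the original answer: it compares the active server.certificateAlias value with the private-key entries in a saved `keytool -list` listing. The file names, the alias mydomain and the sample listing are constructed assumptions.

```shell
#!/bin/sh
# Added example. Real use: keytool -list -keystore serverKeyStore.jks > keystore.txt

# Print the active (uncommented) server.certificateAlias value, trimmed.
configured_alias() {
    sed -n 's/^[[:space:]]*server\.certificateAlias[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Read `keytool -list` output on stdin; print the alias of each PrivateKeyEntry.
# Only such an entry holds a key the server can present in the TLS handshake.
private_key_aliases() {
    awk -F', ' '/PrivateKeyEntry,[[:space:]]*$/ { print $1 }'
}

# $1 = properties file, $2 = saved keytool listing.
# Returns 0 = alias is a private-key entry, 1 = alias set but no such key entry,
# 2 = no alias configured. JKS aliases are case-insensitive, so compare lowercased.
check_alias() {
    want=$(configured_alias "$1" | tr '[:upper:]' '[:lower:]')
    [ -n "$want" ] || return 2
    private_key_aliases < "$2" | tr '[:upper:]' '[:lower:]' | grep -Fxq -- "$want"
}

# --- Constructed sample data (not taken from the page) ---
tmp=$(mktemp -d)
cat > "$tmp/keystore.txt" <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

startcom.ca, Jun 26, 2013, trustedCertEntry,
Certificate fingerprint (SHA1): (constructed)
mydomain, Jun 26, 2013, PrivateKeyEntry,
Certificate fingerprint (SHA1): (constructed)
EOF
echo 'server.certificateAlias = localhost'  > "$tmp/default.properties"
echo 'server.certificateAlias = mydomain'   > "$tmp/fixed.properties"
echo '#server.certificateAlias = localhost' > "$tmp/commented.properties"

for f in default fixed commented; do
    rc=0
    check_alias "$tmp/$f.properties" "$tmp/keystore.txt" || rc=$?
    echo "$f.properties: alias='$(configured_alias "$tmp/$f.properties")' rc=$rc"
done
```

A return code of 1 means the configured alias names no key entry in the listing, which is the mismatch the answer is pointing at.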
