我正在使用key,ca,cert in options测试对本地节点服务器的SSL访问(自签名w OpenSSL)
var server_options = {
key: fs.readFileSync('/etc/ssl/self-signed/server.key'),ca: fs.readFileSync('/etc/ssl/self-signed/server.csr'),cert: fs.readFileSync('/etc/ssl/self-signed/server.crt')
};
试图访问它:
curl -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token
使用curl我收到以下错误:
curl: (60) SSL certificate problem,verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify Failed
我从http://curl.haxx.se/ca/cacert.pem下载了ca证书并将它们添加到我的curl-ca-bundle-new.crt文件中,正如一些与curl相关的帖子中所建议的那样……但是没办法
这是日志
- About to connect() to macMini.local port 8000 (#0)
- Trying 192.168.1.14…
- connected
- Connected to macMini.local (192.168.1.14) port 8000 (#0)
- SSLv3,TLS handshake,Client hello (1):
- SSLv3,Server hello (2):
- SSLv3,CERT (11):
- SSLv3,TLS alert,Server hello (2):
- SSL certificate problem,verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify Failed- Closing connection #0
curl: (60) SSL certificate problem,verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify Failed
More details here: 07001
我知道我可以绕过Curl CA检查,使用:
curl -k -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token
在这种情况下运行正常,我可以看到:
SSL certificate verify result: self signed certificate (18),continuing anyway.
但是我想知道是否有办法解决这个问题……
解决方法
这是您应该添加到CA捆绑包的自签名证书.否则,curl无法知道它可以信任.
