1

我正在尝试使用 curl w SSL,但我收到关于证书的永久错误。我知道 OSX 在 curl 证书方面一团糟,我想我在为 dev 创建自己的自签名证书后忘记了一个重要过程(我的本地主机上的 node_ssl_server.local)

错误 :

curl --verbose --header "Authorization: Bearer b8232aedb20e0a97499b3bffa9d3edeb3c1b25" https://node_ssl_server.local:8000/Categories
* About to connect() to node_ssl_server.local port 8000 (#0)
*   Trying 192.168.1.13...
* connected
* Connected to node_ssl_server.local (192.168.1.13) port 8000 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/share/curl/cacert.pem
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. 
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    * Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

我之前为创建自签名证书所做的工作:

    cd /etc/ssl/self-signed
    sudo openssl genrsa -des3 -out server.pass.key 2048
    sudo openssl rsa -in server.pass.key -out server.key
    sudo openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
    sudo openssl rsa -passin pass:x -in server.pass.key -out server.key
    sudo rm server.pass.key
    sudo openssl req -new -key server.key -out server.csr
    ..
    >Common Name (e.g. server FQDN or YOUR name) []:node_ssl_server.local
    ..
    sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

所以我将我的自签名证书放入 /etc/ssl/self-signed:

    ls /etc/ssl/self-signed
    > server.crt    server.csr  server.key

和我的 curl cacert.pem 进入 /usr/share/curl :

    ls /usr/share/curl 
    > cacert.pem

我备份它:

    sudo cp cacert.pem cacert.pem.old

    ls /usr/share/curl 
    > cacert.pem    cacert.pem.old

我删除它,并建立一个新的,并连接我的自签名证书:

    sudo rm cacert.pem
    sudo sh -c 'cat cacert.pem.old /etc/ssl/self-signed/server.crt >> cacert.pem'

    ls /usr/share/curl 
    > cacert.pem    cacert.pem.old

我使用 curl ...引发错误关于钥匙串是否有任何额外的过程(Mac OSX 10.9 - Mountain Lion)?在使用 curl w SSL 之前????

4

1 回答 1

1

我将我的自签名证书(/etc/ssl/self-signed/server.crt)添加到 Apple 钥匙串证书(作为根证书),授予授权......然后我重新启动了我的计算机......这是一个关键点...我不知道为什么我的计算机需要重新启动,但是证书无法识别...

于 2013-10-18T11:36:31.607 回答