我正在尝试使用 curl w SSL,但我收到关于证书的永久错误。我知道 OSX 在 curl 证书方面一团糟,我想我在为 dev 创建自己的自签名证书后忘记了一个重要过程(我的本地主机上的 node_ssl_server.local)
错误 :
curl --verbose --header "Authorization: Bearer b8232aedb20e0a97499b3bffa9d3edeb3c1b25" https://node_ssl_server.local:8000/Categories
* About to connect() to node_ssl_server.local port 8000 (#0)
* Trying 192.168.1.13...
* connected
* Connected to node_ssl_server.local (192.168.1.13) port 8000 (#0)
* successfully set certificate verify locations:
* CAfile: /usr/share/curl/cacert.pem
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
我之前为创建自签名证书所做的工作:
cd /etc/ssl/self-signed
sudo openssl genrsa -des3 -out server.pass.key 2048
sudo openssl rsa -in server.pass.key -out server.key
sudo openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
sudo openssl rsa -passin pass:x -in server.pass.key -out server.key
sudo rm server.pass.key
sudo openssl req -new -key server.key -out server.csr
..
>Common Name (e.g. server FQDN or YOUR name) []:node_ssl_server.local
..
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
所以我将我的自签名证书放入 /etc/ssl/self-signed:
ls /etc/ssl/self-signed
> server.crt server.csr server.key
和我的 curl cacert.pem 进入 /usr/share/curl :
ls /usr/share/curl
> cacert.pem
我备份它:
sudo cp cacert.pem cacert.pem.old
ls /usr/share/curl
> cacert.pem cacert.pem.old
我删除它,并建立一个新的,并连接我的自签名证书:
sudo rm cacert.pem
sudo sh -c 'cat cacert.pem.old /etc/ssl/self-signed/server.crt >> cacert.pem'
ls /usr/share/curl
> cacert.pem cacert.pem.old
我使用 curl ...引发错误关于钥匙串是否有任何额外的过程(Mac OSX 10.9 - Mountain Lion)?在使用 curl w SSL 之前????