jupyter - SSL 链证书：PEM_read_bio:no start line

Question

如何配置 Jupyterhub 以使用链证书？我有来自 Entrust 的证书：

我的名字.txt

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Entrust_Root.txt

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Entrust_L1Kroot.txt

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

当我尝试启动 Jupyterhub 时，出现以下错误：

crypto.js:131

c.context.setKey(options.key);
          ^

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
at Object.exports.createCredentials (crypto.js:131:17)
at Server (tls.js:1128:28)
at new Server (https.js:35:14)
at Object.exports.createServer (https.js:54:10)
at new ConfigurableProxy (/usr/lib/node_modules/configurable-http-proxy/lib/configproxy.js:158:35)
at Object. (/usr/lib/node_modules/configurable-http-proxy/bin/configurable-http-proxy:171:13)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
[C 2016-05-13 15:44:24.633 JupyterHub app:1119] Failed to start proxy
Traceback (most recent call last):
File "/usr/local/lib/python3.5/site-packages/jupyterhub/app.py", line 1117, in start
yield self.start_proxy()
File "/usr/local/lib/python3.5/site-packages/jupyterhub/app.py", line 881, in start_proxy
_check()
File "/usr/local/lib/python3.5/site-packages/jupyterhub/app.py", line 877, in _check
raise e
RuntimeError: Proxy failed to start with exit code 8

我的配置文件：

c.JupyterHub.ssl_cert = u'/path/to/Entrust_L1Kroot.txt'
c.JupyterHub.ssl_key = u'/path/to/my_name.txt'

我已经尝试对 ssl_cert 和 ssl_key 进行其他分配，但它们并没有更好地工作。

Answer 1

要准备完整的证书链，您需要将所有证书连接到单个文件：

cat your_name.txt Entrust_L1Kroot.txt Entrust_Root.txt > your_name-chained.crt

然后配置 JupyterHUB：

c.JupyterHub.ssl_cert = '/path/to/your_name-chained.crt'
c.JupyterHub.ssl_key = '/path/to/my_name.key'

Answer 2

您可以为 jupyterhub 生成您的 - 自签名 SSL 证书，例如 - 如果您使用 localhost（或没有真实域）

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout jupyterhub.key -out jupyterhub.crt