我正在尝试建立一个由两个容器组成的 docker 网络:
- 运行在 443 上的 MockServer
- 客户端(fedora)向 MockServer 发出请求
我已经安装了取自https://github.com/mock-server/mockserver/blob/master/mockserver-core/src/main/resources/org/mockserver/socket/CertificateAuthorityCertificate.pem的 MockServer CA X.509
到/etc/pki/ca-trust/source/anchors/key.pem其次是update-ca-trust命令。不过,当我尝试使用 curl 访问 MockServer 时,我收到了以下信息:
bash-4.2# curl https://www.hostname.net/simpleFirst --verbose
* About to connect() to www.hostname.net port 443 (#0)
* Trying 172.20.128.2...
* Connected to www.hostname.net (172.20.128.2) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
* subject: C=UK,ST=England,L=London,O=MockServer,CN=localhost
* start date: Jul 24 14:52:38 2020 GMT
* expire date: Jul 29 14:52:38 2021 GMT
* common name: localhost
* issuer: C=UK,ST=England,L=London,O=MockServer,CN=www.mockserver.com
* NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)
* Peer's Certificate issuer is not recognized.
* Closing connection 0
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
非常感谢任何建议或帮助。提前致谢!