Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
488 views
in Technique[技术] by (71.8m points)

curl - SSL certificate error

I am testing SSL access to a local node server with key,ca,cert in options ( self-signed w OpenSSL)

var server_options = {
  key: fs.readFileSync('/etc/ssl/self-signed/server.key'),
  ca: fs.readFileSync('/etc/ssl/self-signed/server.csr'),
  cert: fs.readFileSync('/etc/ssl/self-signed/server.crt')
};

trying to access it:

curl -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token

using curl I get the following error:

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I downloaded the ca certificate from http://curl.haxx.se/ca/cacert.pem and add them to my curl-ca-bundle-new.crt file, as suggested in some posts related to curl... but no way

here is the log

  • About to connect() to macMini.local port 8000 (#0)

    • Trying 192.168.1.14...
    • connected
    • Connected to macMini.local (192.168.1.14) port 8000 (#0)
    • SSLv3, TLS handshake, Client hello (1):
    • SSLv3, TLS handshake, Server hello (2):
    • SSLv3, TLS handshake, CERT (11):
    • SSLv3, TLS alert, Server hello (2):
    • SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    • Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html

I know I can bypass the Curl CA checking, using:

curl -k -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token

in which case it's running fine, I can see:

SSL certificate verify result: self signed certificate (18), continuing anyway.

but I'd like to know if there is any way to solve this issue...

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

It's your self-signed certificate that you should add to your CA bundle. Otherwise, curl can't know it can be trusted.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...