sor*_*rin 2 macos ssl keychain
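Considering that I know that the system KeyChain contains all the SSL certificates needed, I do want to generate a PEM bundle that can be used with other tools that are not able to talk to the Apple keychain. For example: the Python requests library or Oracle Java.
Note that this is not about a specific certificate; it is a bulk operation that I want to perform.
Once I have this bundle, I can point environment variables like SSL_CERT_FILE and REQUESTS_CA_BUNDLE to its location and use it.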
```bash
# If you might use the bundle for different users, this path should be readable by most
#TMP_CERT=/usr/local/shared-ca-bundle.pem
TMP_CERT="$HOME/my-ca-bundle.pem"
# Order matters: SystemRootCertificates first (truncate with >), then System.keychain (append with >>)
security find-certificate -a -p /System/Library/Keychains/SystemRootCertificates.keychain > "$TMP_CERT"
security find-certificate -a -p /Library/Keychains/System.keychain >> "$TMP_CERT"
## If you have an internal company proxy cert (Root CA usually), append it to the .pem file if it wasn't in the system stores
## This adds the variable to your shell config file
echo 'export REQUESTS_CA_BUNDLE="$HOME/my-ca-bundle.pem"' >> "$HOME/.bash_profile"
. "$HOME/.bash_profile" # this loads the variable into the current shell environment
# run your `pip install whatever` or
# `az upgrade` or `az bicep install`
### the Azure CLI is built with Python and uses it for the plugins they use
```
Python/Requests cares about SystemRootCertificates coming before the System certs; curl did not seem to care.
Example of the error you get if it is done in the opposite order:
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)
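A structural check for a bundle assembled by concatenation as in the answer above, added here as an example that is not part of the original post: it merges PEM exports in the given order, drops duplicate blocks, and counts truncated blocks, including the case where an appended file without a trailing newline fuses two blocks. The names `merge_pem_bundles` and `fake_pem` are hypothetical, the sample blocks are constructed and are not real certificates, and only PEM framing and base64 are checked, not X.509 validity.

```python
import base64
import hashlib
import re

# One PEM block. The body may hold only base64 characters and whitespace, so a
# truncated block (BEGIN with no END before the next BEGIN) does not match.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----([A-Za-z0-9+/=\s]*?)-----END CERTIFICATE-----"
)


def merge_pem_bundles(sources):
    """Merge PEM texts in the order given; return (bundle_text, stats).

    First occurrence wins, so pass the SystemRootCertificates export
    before the System.keychain export to keep the order the answer uses.
    """
    seen, blocks = set(), []
    stats = {"kept": 0, "duplicates": 0, "malformed": 0}
    for text in sources:
        bodies = PEM_RE.findall(text)
        # Every BEGIN marker that did not yield a block is a broken entry.
        stats["malformed"] += text.count("-----BEGIN CERTIFICATE-----") - len(bodies)
        for body in bodies:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:  # bad padding or length
                stats["malformed"] += 1
                continue
            digest = hashlib.sha256(der).hexdigest()
            if digest in seen:
                stats["duplicates"] += 1
                continue
            seen.add(digest)
            b64 = base64.b64encode(der).decode("ascii")
            lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
            blocks.append("\n".join(
                ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]))
            stats["kept"] += 1
    return "\n".join(blocks) + "\n", stats


def fake_pem(payload):
    # Constructed sample: base64 of arbitrary bytes, NOT a real certificate.
    b64 = base64.b64encode(payload).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----"


if __name__ == "__main__":
    roots = fake_pem(b"root-A") + "\n" + fake_pem(b"root-B") + "\n"
    system = fake_pem(b"root-B") + "\n" + fake_pem(b"corp-proxy")  # no newline
    print(merge_pem_bundles([roots, system + fake_pem(b"extra")])[1])
```

A non-zero `malformed` count means the bundle should be regenerated before pointing `REQUESTS_CA_BUNDLE` at it.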