Ari*_*iel 5 ssl openssl centos7
我在本地主机上使用 nginx 的自签名证书。我正在使用 OpenSSL 最新版本来执行此操作。这是配置文件。
localhost.conf
[req]
default_bits = 2048
default_keyfile = localhost.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Rochester
localityName = Locality Name (eg, city)
localityName_default = Rochester
organizationName = Organization Name (eg, company)
organizationName_default = localhost
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = localhost
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = 127.0.0.1
我使用的命令如下:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -config localhost.conf -passin pass:YourSecurePassword
生成一个新的 localhost.pfx 文件。然后我运行以下命令来制作证书和私钥。
sudo openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt
现在,我在 CENTOS 8 上使用 nginx 在本地主机服务器上使用私钥和证书。当我卷曲到主机(即https://localhost )时,出现以下错误。
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
现在,我将 localhost.crt 文件放入 中/etc/pki/ca-trust/source/anchors folder,并运行以下命令:
update-ca-trust enable
update-ca-trust extract
但是,服务器仍然给我同样的错误!如何信任自签名 SSL 证书?
| 归档时间: |
|
| 查看次数: |
2403 次 |
| 最近记录: |