遵循似乎是向 Linux 信任添加证书的标准程序,并且似乎添加了证书:
$ sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt`
$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
但是curl,wget拒绝使用该证书连接到服务器,并出现以下错误:
verify error: Unable to get local issuer certificate
Unable to locally verify the issuer's authority
(如果使用 禁用验证,它会连接curl -k,但这不是解决方案。)
证书本身是使用此命令创建的,用于在本地 Gitlab 实例 (nginx) 上启用 SSL:
$ openssl req -x509 -days 365 -newkey rsa:1024 -keyout bar.pem -nodes -out foo.crt -config openssl_conf
在哪里openssl_conf:
distinguished_name = req_distinguished_name
x509_extensions = v3_req …