我使用
openssl当我运行以下命令尝试连接到服务器时,
curl --cacert caroot.cer --capath ~/ca/ --user abc:123 https://localhost:9999我收到错误
curl: (77) Problem with the SSL CA cert (path? access rights?)我在ubuntu上做了同样的步骤,一切都按预期工作。
这是脚本
#!/bin/bash
export PW=`cat password`
echo "generating the key pair and save to the keystore"
keytool -genkeypair \
-alias test \
-keystore test.jks \
-dname "CN=localhost, OU=TA, O=S1, L=Toronto, ST=Ontario, C=CA" \
-keypass $PW \
-storepass $PW \
-keyalg RSA \
-keysize 4096 \
-ext KeyUsage:critical="keyCertSign" \
-ext BasicConstraints:critical="ca:true" \
-sigalg SHA1withRSA
echo "self-signing the certificate where both owner and issuer are the same as test.jks"
keytool -export -alias test -file test_self_signed.cer -keystore test.jks -storepass $PW
echo "generating the certificate signing request(CSR) for test.jks"
keytool -certreq -alias test -keystore test.jks -file test.csr -storepass $PW
set RANDFILE=rand
echo "generating CA's private key and CA's CSR"
openssl req -new -keyout cakey.pem -out careq.pem #-config /usr/lib/ssl/openssl.cnf
echo "self-signing CA's certificate"
openssl x509 -signkey cakey.pem -req -days 3650 -in careq.pem -out caroot.cer -extensions v3_ca
echo 1234 > serial.txt
echo "signing test.csr using CA's certificate and CA's private key"
openssl x509 \
-CA caroot.cer \
-CAkey cakey.pem \
-CAserial serial.txt \
-req \
-in test.csr \
-out test_signed_by_CA.cer \
-days 365
echo "adding CA's certificate to the keystore"
keytool -import -alias schedule1 -file caroot.cer -keystore test.jks -storepass $PW
echo "adding test's certificate signed by CA to the keystore"
keytool -import -alias test -file test_signed_by_CA.cer -keystore test.jks -storepass $PW
错误“curl: (77) Problem with the SSL CA cert (path? access Rights?)”,如其所示,表明参数中传递的文件存在问题。您应该检查文件的路径和权限,以确保curl 进程用户可以读取它。在这种特殊情况下,正如“Patrick Mevzek”提到的,某些应用程序无法通过
~