我创建了一个REST API项目,并且正在尝试使用curl这样访问https端点:
$ dotnet new angular
$ curl -I -X GET 'https://localhost:5001/api/SampleData/WeatherForecasts'
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
我四处搜寻,这是我从dotnet提取证书并将其添加到我信任的CA证书存储库中的步骤:
这是我尝试添加证书的步骤
# export netcore development certificate
$ dotnet dev-certs https -ep ~/tmp/localhost.pfx -p somepassword
# convert it to crt
$ openssl pkcs12 -in ~/tmp/localhost.pfx -clcerts -nokeys -out ~/tmp/localhost.crt
# copy to a folder in /usr/local/share/ca-certificates/
$ cd /usr/local/share/ca-certificates/
$ sudo mkdir dotnet_devel
$ sudo chmod -R 755 dotnet_devel
$ mkdir dotnet_devel
$ cd dotnet_devel
$ sudo cp ~/tmp/localhost.crt .
$ sudo chmod -R 644 localhost.crt
# update CA trusted certificates repository
$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Adding debian:localhost.pem
done.
done.
我也尝试过这样设置CURL_CA_BUNDLE env var:
$ export CURL_CA_BUNDLE=/usr/local/share/ca-certificates/dotnet_devel/localhost.crt
我一直收到相同的卷曲错误,而且,Firefox和Chrome告诉我连接不安全
附加信息:
$ dotnet --info
.NET Core SDK (reflecting any global.json):
Version: 2.2.203
Commit: e5bab63eca
Runtime Environment:
OS Name: ubuntu
OS Version: 18.04
OS Platform: Linux
RID: ubuntu.18.04-x64
$ curl --version
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.0g zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
$ openssl x509 -in /usr/local/share/ca-certificates/dotnet_devel/localhost.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7146369397181644036 (0x632d011a88bbfd04)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = localhost
Validity
Not Before: Oct 22 19:40:53 2018 GMT
Not After : Oct 22 19:40:53 2019 GMT
Subject: CN = localhost
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
[...]
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Key Encipherment
X509v3 Extended Key Usage: critical
TLS Web Server Authentication
X509v3 Subject Alternative Name: critical
DNS:localhost
1.3.6.1.4.1.311.84.1.1:
ASP.NET Core HTTPS development certificate
Signature Algorithm: sha256WithRSAEncryption
[...]
参考:
https://askubuntu.com/questions/645818/how-to-install-certificates-for-command-line/649463#649463
https://github.com/aspnet/AspNetCore/issues/7246#issue-406461992
services.AddScoped(s =>
{
// Creating the URI helper needs to wait until the JS Runtime is initialized, so defer it.
var uriHelper = s.GetRequiredService<NavigationManager>();
var handler = new HttpClientHandler();
handler.ServerCertificateCustomValidationCallback += (message, xcert, chain, errors) => true;
return new HttpClient(handler)
{
BaseAddress = new Uri(uriHelper.BaseUri)
};
});