所以我有一个简单的GO服务器,它使用我通过以下命令创建的自签名证书在端口8080
上运行:
openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out local.crt -keyout local.key
创建时,我将字段设置为以下值:如您所见,除了fully qualified host name
设置为go-auth
],我跳过了所有内容
我成功地使用local.key
和local.crt
文件启动了我的Go服务器。
我尝试过cURLing
,例如:文件,然后重试:➜ certs git:(master) ✗ curl --proxy-cacert local.crt https://go-auth/ curl: (6) Could not resolve host: go-auth ➜ certs git:(master) ✗ curl --proxy-cacert local.crt https://localhost:8080/ curl: (60) SSL certificate problem: self signed certificate More details here: https://curl.haxx.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
此后,我尝试从正在运行的服务器上获取证书并将其保存到cacert.pem
➜ certs git:(master) ✗ echo quit | openssl s_client -showcerts -servername go-auth -connect localhost:8080 > cacert.pem depth=0 CN = go-auth verify error:num=18:self signed certificate verify return:1 depth=0 CN = go-auth verify return:1 DONE ➜ certs git:(master) ✗ curl --cacert cacert.pem https://go-auth/ curl: (6) Could not resolve host: go-auth ➜ certs git:(master) ✗ curl --proxy-cacert cacert.pem https://go-auth/ curl: (6) Could not resolve host: go-auth
[我目前不知道,我正在尝试遵循以下问题的答案:Use self signed certificate with cURL?,但未获得所需的结果。
因此,我有一个简单的GO服务器,使用我通过以下命令创建的自签名证书在端口8080上运行:openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out ...
您可以使用-k
参数来跳过证书验证。