我正在使用key,ca,cert in options测试对本地节点服务器的SSL访问(自签名w OpenSSL)
var server_options = {
key: fs.readFileSync('/etc/ssl/self-signed/server.key'),
ca: fs.readFileSync('/etc/ssl/self-signed/server.csr'),
cert: fs.readFileSync('/etc/ssl/self-signed/server.crt')
};
试图访问它:
curl -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token
使用curl我收到以下错误:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
我从http://curl.haxx.se/ca/cacert.pem下载了ca证书并将它们添加到我的curl-ca-bundle-new.crt文件中,正如一些与curl相关的帖子中所建议的那样……但是没办法
这是日志
About to connect() to macMini.local port 8000 (#0)
Trying 192.168.1.14…
connected
Connected to macMini.local (192.168.1.14) port 8000 (#0)
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: 07001
我知道我可以绕过Curl CA检查,使用:
curl -k -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token
在这种情况下运行正常,我可以看到:
SSL certificate verify result: self signed certificate (18), continuing anyway.
但是我想知道是否有办法解决这个问题……