在SOLR 6上设置SSL

时间:2019-10-03 12:04:38

标签: ssl curl solr

TL; DR

设置,在SOLR 6上使用SSL-现在curl设置实例时,出现以下错误

$ curl -u username:password "https://fake.org:8983/solr/name/select?q=*:*&wt=json&indent=on"

curl: (60) Issuer certificate is invalid.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

定义

我一直在尝试使用官方文档here

在SOLR 6上设置SSL

一旦我开始使用SSL属性设置启动SOLR,就可以通过curl通过以下方式连接到它,这将为我提供准确的结果。 

curl -u username:password "https://localhost:8983/solr/name/select?q=*:*&wt=json&indent=on" -k --verbose

但是,如果我从curl命令中删除了-k标志,则会出现以下错误

$ curl -u username:password "https://fake.org:8983/solr/name/select?q=*:*&wt=json&indent=on" --verbose
* About to connect() to domain port 8983 (#0)
*   Trying 127.0.0.1...
* Connected to fake.org (127.0.0.1) port 8983 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*   subject: CN=fake.org,OU=XX,O=XXX,L=XXX,ST=XXX,C=XX
*   start date: Oct 03 10:02:10 2019 GMT
*   expire date: Feb 17 10:02:10 2047 GMT
*   common name: fake.org
*   issuer: CN=fake.org,OU=XX,O=XXX,L=XXX,ST=XXX,C=XX
* NSS error -8156 (SEC_ERROR_CA_CERT_INVALID)
* Issuer certificate is invalid.
* Closing connection 0
curl: (60) Issuer certificate is invalid.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
$

现在,有些事情告诉我,我必须获取.crt文件以由密钥库信任,但是我不确定这是什么crt文件。

0 个答案:

没有答案
相关问题
最新问题