Question

我正在尝试使用curl w SSL，我收到有关证书的永久性错误。我知道OSX对于卷曲证书是一团糟，我想在为dev创建自己的自签名证书（我在localhost上的node_ssl_server.local）之后忘记了一个重要的过程

错误：

curl --verbose --header "Authorization: Bearer b8232aedb20e0a97499b3bffa9d3edeb3c1b25" https://node_ssl_server.local:8000/Categories
* About to connect() to node_ssl_server.local port 8000 (#0)
*   Trying 192.168.1.13...
* connected
* Connected to node_ssl_server.local (192.168.1.13) port 8000 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/share/curl/cacert.pem
  CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. 
Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    * Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

我之前创建的自签名证书：

    cd /etc/ssl/self-signed
    sudo openssl genrsa -des3 -out server.pass.key 2048
    sudo openssl rsa -in server.pass.key -out server.key
    sudo openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
    sudo openssl rsa -passin pass:x -in server.pass.key -out server.key
    sudo rm server.pass.key
    sudo openssl req -new -key server.key -out server.csr
    ..
    >Common Name (e.g. server FQDN or YOUR name) []:node_ssl_server.local
    ..
    sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

所以我将自签名证书放入/ etc / ssl / self-signed：

    ls /etc/ssl/self-signed
    > server.crt    server.csr  server.key

和我的卷曲cacert.pem进入/ usr / share / curl：

    ls /usr/share/curl 
    > cacert.pem

我备份它：

    sudo cp cacert.pem cacert.pem.old

    ls /usr/share/curl 
    > cacert.pem    cacert.pem.old

我将其删除，并构建一个新的，我的自签名证书连接在一起：

    sudo rm cacert.pem
    sudo sh -c 'cat cacert.pem.old /etc/ssl/self-signed/server.crt >> cacert.pem'

    ls /usr/share/curl 
    > cacert.pem    cacert.pem.old

我使用卷曲...提高错误钥匙串是否有任何额外的过程（Mac OSX 10.9 - Mountain Lion）？在使用curl w SSL ????

之前

Answer 1

我将自签名证书（/etc/ssl/self-signed/server.crt）添加到Apple钥匙串证书（作为根证书），授予权限...... AND 我重新启动了我的计算机....这是一个关键点...... 我不知道为什么我的计算机需要重新启动，但我认为证书无法识别......

OS X与curl SSL战斗 - 证书错误

1 个答案: