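I am hosting an nginx web server on my LAN, and I want to authenticate the clients that access my server using SSL client certificates. Following some posts I found on Google, I created a self-signed SSL certificate and a client certificate. But I am unable to authenticate a client that has the certificate. I am getting the following errors.
When requesting from Firefox:
2017/08/10 18:30:13 [info] 8994#0: *4 client sent no required SSL certificate while reading client request headers, client: 192.168.16.27, server: 192.168.26.43, request: "GET /hls1/master.m3u8 HTTP/1.1", host: "192.168.26.43"
When requesting with curl: curl -v -s -k --key client.key --cert client.crt --cacert ca.crt https://192.168.26.43/hls2/master.m3u8
2017/08/10 18:30:33 [info] 8994#0: *5 client SSL certificate verify error: (18:self signed certificate) while reading client request headers, client: 192.168.16.27, server: 192.168.26.43, request: "GET /hls2/master.m3u8 HTTP/1.1", host: "192.168.26.43"
So, my question is: can I authenticate clients using self-signed certificates? If so, can anyone provide the steps to achieve this?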
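Answer 0 (score: 12)
I just stumbled upon this and found a little pitfall which caused the same error you encountered:
error 18 at 0 depth lookup:self signed certificate
There are plenty of guides on how to create a self-signed client certificate; I used the following (adapted from here):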

# Create the CA Key and Certificate for signing Client Certs
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
# Create the Client Key and CSR
openssl genrsa -des3 -out client.key 4096
openssl req -new -key client.key -out client.csr
# Sign the client certificate with our CA cert
openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
# Convert to .p12 so import in OSX works
openssl pkcs12 -export -clcerts -inkey client.key -in client.crt -out client.p12 -name "MyKey"

However, if you use the same Organization Name (e.g. company) for both your CA and your client certificate, you will see the above error!
If … does not complain about a self-signed certificate, you are good to go.
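
The pitfall described in the answer above can be checked before a certificate is deployed. The following is an added example, not code from the answer: it issues one client certificate whose subject is identical to the CA's and one with a distinct subject, flags the first because its issuer name equals its subject name (so it looks self-issued to the verifier), and runs openssl verify on the second. The subjects, the helper names (make_pki, cert_name, is_self_issued, check_client, demo) and the unencrypted 2048-bit keys are assumptions chosen so the demo runs unattended.

```bash
#!/usr/bin/env bash
# Added example. Subjects are constructed; keys are unencrypted so it runs unattended.

# make_pki DIR CA_SUBJ CLIENT_SUBJ: write ca.* and client.* into DIR.
make_pki() {
    local dir="$1" ca_subj="$2" client_subj="$3"
    mkdir -p "$dir" || return 1
    # CA key plus self-signed CA certificate.
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 365 -subj "$ca_subj" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Client key plus CSR.
    openssl req -new -newkey rsa:2048 -nodes -subj "$client_subj" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    # Sign the client CSR with the CA, as in the answer's commands.
    openssl x509 -req -days 365 -in "$dir/client.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -set_serial 01 -out "$dir/client.crt" 2>/dev/null
}

# cert_name FIELD CERT: print the subject or issuer DN without its "subject=" prefix.
cert_name() {
    openssl x509 -noout "-$1" -nameopt RFC2253 -in "$2" | sed 's/^[a-z]*= *//'
}

# is_self_issued CERT: succeeds when the issuer DN equals the subject DN.
is_self_issued() {
    [ "$(cert_name subject "$1")" = "$(cert_name issuer "$1")" ]
}

# check_client DIR: returns 0 only if client.crt has a distinct subject
# and verifies against ca.crt.
check_client() {
    local dir="$1"
    if is_self_issued "$dir/client.crt"; then
        echo "client.crt: issuer equals subject; use a subject that differs from the CA's"
        return 1
    fi
    openssl verify -CAfile "$dir/ca.crt" "$dir/client.crt"
}

# demo: run both cases in a throwaway directory.
demo() {
    local tmp
    tmp=$(mktemp -d) || return 1
    make_pki "$tmp/same" "/O=Example Corp/CN=example" "/O=Example Corp/CN=example"
    check_client "$tmp/same"
    make_pki "$tmp/distinct" "/O=Example Corp/CN=Example Client CA" "/O=Example Corp/CN=client1"
    check_client "$tmp/distinct"
    rm -rf "$tmp"
}

demo
```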
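Answer 1 (score: 0)
The server must trust the client certificate. For a self-signed certificate, this means the certificate must be exported from the client's keystore and imported into the server's truststore.
When the server requests a client certificate, it also sends a list of trusted signers, and the client is only allowed to send a certificate that is ultimately signed by one of those signers. Since the server does not know about the self-signed client certificate, it does not include it as a trusted signer, so the client cannot send its certificate. Hence "client sent no required SSL certificate while reading client request headers".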