这是我的配置
# Traefik entry points: plain HTTP on :801 and TLS on :802.
[entryPoints]
[entryPoints.http]
address = ":801"
[entryPoints.https]
address = ":802"
[entryPoints.https.tls]
# ClientCA turns on client-certificate verification (mutual TLS) for this
# entry point: a client that presents no certificate is rejected during the
# handshake ("tls: client didn't provide a certificate").
# NOTE(review): the path suggests a public CA's chain bundle. If mutual TLS
# is really intended, this should normally be a private CA you control,
# because any client certificate chaining to a CA in this file passes
# verification. Confirm what the file actually contains.
[entryPoints.https.tls.ClientCA]
files = ["/etc/ssl/comodo/bundle.crt"]
# Server certificate and private key presented to clients on :802.
# NOTE(review): keep the key file readable only by the account Traefik runs as.
[[entryPoints.https.tls.certificates]]
certFile = "/etc/ssl/comodo/www.crt"
keyFile = "/etc/ssl/comodo/www.key"
[frontends]
[frontends.http] # default
# Attached to both entry points; traffic goes to the backend named
# "fallback" (its definition is not shown here).
entryPoints = ["http", "https"]
backend = "fallback"
# Forward the client's Host header to the backend.
passHostHeader = true
现在我尝试访问 https://mydomain:802,traefik 的调试输出中出现以下错误:
http: TLS handshake error from 111.111.111.111:64463: tls: client didn't provide a certificate
curl 的错误消息:
error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
我不知道自己哪里做错了。
答案 0 :(得分:0)
您为什么要使用双向身份验证(双向握手)?对于普通的SSL连接,您的服务器证书就足够了。
在 traefik.toml 中,您配置的是双向认证(Mutual authentication):[entryPoints.https.tls.ClientCA] 要求客户端出示由其中所列 CA 签发的证书,否则握手会被拒绝。如果您确实需要双向认证,则必须在 curl 请求中提供客户端证书:
curl --cert client.pem:<password> --key key.pem --cacert ca.pem
如果您只想提供“普通” SSL,则应删除以下几行:
# These two lines are what enable client-certificate verification on the
# https entry point; without them it serves ordinary server-authenticated TLS.
[entryPoints.https.tls.ClientCA]
files = ["/etc/ssl/comodo/bundle.crt"]