traefik的tls:客户端在访问https端点时未提供证书

时间:2019-01-03 22:28:41

标签: https traefik

这是我的配置

[entryPoints]
  [entryPoints.http]
  address = ":801"

  [entryPoints.https]
  address = ":802"
  [entryPoints.https.tls]
    [entryPoints.https.tls.ClientCA]
      files = ["/etc/ssl/comodo/bundle.crt"]

      [[entryPoints.https.tls.certificates]]
        certFile = "/etc/ssl/comodo/www.crt"
        keyFile = "/etc/ssl/comodo/www.key"

[frontends]
    [frontends.http] # default
      entryPoints = ["http", "https"]
      backend = "fallback"
      passHostHeader = true

现在我正在尝试访问https://mydomain:802,并且在traefik调试输出中出现以下错误 http: TLS handshake error from 111.111.111.111:64463: tls: client didn't provide a certificate

卷曲错误消息 error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

我不知道自己在做什么错。

1 个答案:

答案 0 :(得分:0)

您为什么要使用双向身份验证(双向握手)?对于普通的SSL连接,您的服务器证书就足够了。

在traefik.toml中,您正在配置Mutual authentication。如果您确实需要,则必须在curl请求中提供证书:

curl --cert client.pem:<password> --key key.pem --cacert ca.pem

如果您只想提供“普通” SSL,则应删除以下几行:

    [entryPoints.https.tls.ClientCA]
      files = ["/etc/ssl/comodo/bundle.crt"]