SSL证书问题:自签名证书
[英]SSL certificate issue: self signed certificate
问题描述
I've got an issue to validate my certificate when i'm doing an https request to my dedicated server 
在对专用服务器执行https请求时,我无法验证证书
i ran this command to create my certificate and my private key : 我运行此命令来创建我的证书和私钥:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -passout file:passphrase.txt -out cert.pem -days 365
and when i'm runnig a command to see if the certificate and the key match, they match 当我运行命令查看证书和密钥是否匹配时,它们匹配
then, i've setup my ssl server : 然后,我已经设置了我的ssl服务器:
server {
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
server_name mydomain.com;
ssl on;
ssl_certificate /pathtocert.pem;
ssl_certificate_key /pathtokey.pem;
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
ssl_password_file /pathtopassphrase.txt;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /pathtocert.pem;
# Google DNS, Open DNS, Dyn DNS
resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 216.146.35.35 216.146.36.36 valid=300s;
resolver_timeout 3s;
but when i execute my curl request : 但是当我执行我的curl请求时:
// OPTIONS:
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
"APIKEY: " . self::APIKEY,
'Content-Type: application/json',
));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
//curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_CAINFO, public_path() . "\CA\Something.crt");
// EXECUTE:
$result = curl_exec($curl);
I get a certificate issue as below: 我收到如下证书问题:
SSL: unable to obtain common name from peer certificate
I have to simply secure my API, it's my goal. 我只需要保护我的API,这就是我的目标。
1 个解决方案
解决方案1
-1 2018-04-15 15:43:36
I'm creating with these command and it works for me every time. 我正在使用这些命令进行创建,并且每次都对我有用。
$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
$ rm server.pass.key
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
And this is my nginx.conf 这是我的nginx.conf
server {
listen 443 default_server ssl http2;
server_name IP_ADRESS;
ssl_certificate /home/NAMEOFCOMPUTER/keys/server.crt;
ssl_certificate_key /home/NAMEOFCOMPUTER/keys/server.key;
ssl_session_cache shared:SSL:10m;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.kibana;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.