
Setting custom CA cert with cloud_proxy_sql

I'm trying to use GCP's cloud_proxy_sql via one of our proxy servers with custom CA signed certificates. I tried setting the cert using the config custom_ca_certs_file of gcloud config. Also double checked if the ca cert is set, using the command gcloud config list.

In spite of that, getting the below error in cloud_proxy_sql when trying to connect my SQL client via cloud_proxy_sql.

2020/08/19 11:37:36 Listening on 0.0.0.0:<My local port> for <Instance_connnection_name>

2020/08/19 11:37:36 Ready for new connections

2020/08/19 11:39:11 New connection for "<Instance_connnection_name>"

2020/08/19 11:39:12 couldn't connect to "<Instance_connnection_name>": x509: certificate signed by unknown authority

2020/08/19 11:40:08 Received TERM signal. Waiting up to 0s before terminating.

It seems like cloud_proxy_sql is not respecting the CA cert in gcloud config. How to configure the cert for cloud_proxy_sql?

The error message indicates that your client is not able to trust the certificate of https://www.googleapis.com.

This can happen due to:

  • The client does not know what root certificates to trust.

  • The outbound traffic is using a proxy server that is using a different, untrusted, certificate.

  • The 'ca-certificates.crt' file to be on /etc/ssl/certs, which is one of the locations some languages look for certificates.

I found more about this here: Failure to connect to proxy "Certificate signed by unknown authority"
