[英]Setting custom CA cert with cloud_proxy_sql
I'm trying to use GCP's cloud_proxy_sql
via one of our proxy server with custom CA signed certificates.我正在尝试通过我们的代理服务器之一使用 GCP 的
cloud_proxy_sql
和自定义 CA 签名证书。 I tried setting the cert using the config custom_ca_certs_file
of gcloud config
.我尝试使用
gcloud config
的配置custom_ca_certs_file
设置证书。 Also double checked if the ca cert is set, using the command gcloud config list
.还使用命令
gcloud config list
仔细检查是否设置了 ca 证书。
In spite of that, getting the below error in cloud_proxy_sql
when trying to connect my SQL client via cloud_proxy_sql
.尽管如此,尝试通过
cloud_proxy_sql
连接我的 SQL 客户端时,在cloud_proxy_sql
中出现以下错误。
2020/08/19 11:37:36 Listening on 0.0.0.0:<My local port> for <Instance_connnection_name>
2020/08/19 11:37:36 在 0.0.0.0:<My local port> 上监听 <Instance_connnection_name>
2020/08/19 11:37:36 Ready for new connections 2020/08/19 11:39:11 New connection for "<Instance_connnection_name>"
2020/08/19 11:37:36 准备新连接 2020/08/19 11:39:11 “<Instance_connnection_name>”的新连接
2020/08/19 11:39:12 couldn't connect to "<Instance_connnection_name>": x509: certificate signed by unknown authority
2020/08/19 11:39:12 无法连接到“<Instance_connnection_name>”:x509:未知授权机构签署的证书
2020/08/19 11:40:08 Received TERM signal.
2020/08/19 11:40:08 收到 TERM 信号。 Waiting up to 0s before terminating.
终止前等待 0s。
It seems like cloud_proxy_sql
is not respecting the CA cert in gcloud
config.似乎
cloud_proxy_sql
不gcloud
配置中的 CA 证书。 How to configure the cert for cloud_proxy_sql
?如何为
cloud_proxy_sql
配置证书?
The error message indicates that your client is not able to trust the certificate of https://www.googleapis.com .该错误消息表明您的客户端无法信任https://www.googleapis.com的证书。
This can happen due to:这可能是由于:
The client does not know what root certificates to trust.客户端不知道要信任哪些根证书。
The outbound traffic is using a proxy server that is using a different, untrusted, certificate.出站流量使用的代理服务器使用不同的、不受信任的证书。
The 'ca-certificates.crt' file to be on /etc/ssl/certs, which is one of the locations some languages look for certificates. “ca-certificates.crt”文件位于 /etc/ssl/certs 上,这是某些语言查找证书的位置之一。
I found more about this here: Failure to connect to proxy "Certificate signed by unknown authority"我在这里找到了更多相关信息: 无法连接到代理“未知授权机构签署的证书”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.