[英]SSL Error: Unable to verify the first certificate (Nginx -> Spring Boot)
I have a Ubuntu VM and I am attempting to setup an SSL cert from PositiveSSL (looks like they use Comodo) for my domain.我有一个 Ubuntu VM,我正在尝试为我的域设置来自 PositiveSSL 的 SSL 证书(看起来他们使用 Comodo)。
I originally generated mywebsite.csr and mywebsite.key then used a CNAME record on namecheap to verify my SSL cert.我最初生成了 mywebsite.csr 和 mywebsite.key,然后使用 namecheap 上的 CNAME 记录来验证我的 SSL 证书。 Once verified they emailed me mywebsite_com.crt and mywebsite_com.ca-bundle.验证后,他们通过电子邮件发送给我 mywebsite_com.crt 和 mywebsite_com.ca-bundle。
I used their instructions at: https://www.namecheap.com/support/knowledgebase/article.aspx/9617/69/how-to-convert-certificates-into-different-formats-using-openssl/ to convert it to.p12 format.我在以下位置使用了他们的说明: https://www.namecheap.com/support/knowledgebase/article.aspx/9617/69/how-to-convert-certificates-into-different-formats-using-openssl/将其转换为.p12 格式。
My application.properties looks like:我的 application.properties 看起来像:
# The format used for the keystore. It could be set to JKS in case it is a JKS file
server.ssl.key-store-type=PKCS12
# The path to the keystore containing the certificate
server.ssl.key-store=classpath:keystore/mycertificate.p12
# The password used to generate the certificate
server.ssl.key-store-password=redacted
# The alias mapped to the certificate
#server.ssl.key-alias=1
#server.ssl.key-password=redacted
server.ssl.enabled=true
I've tried multiple solutions with setting up a trust store alias, but for now this is my config.我已经尝试了多种解决方案来设置信任存储别名,但现在这是我的配置。
My nginx server config looks like this:我的 nginx 服务器配置如下所示:
upstream tomcat{
server localhost:8080;
}
server {
listen 443;
server_name mywebsite.com;
ssl on;
ssl_certificate /root/mywebsite_com.crt;
ssl_certificate_key /root/mywebsite.key;
access_log /var/log/nginx/localhost.access.log main;
location / {
proxy_pass https://tomcat;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}
}
When I visit https://mywebsite.com it works fine in browser, but when I do a post request from postman it keeps erroring with "SSL Error: Unable to verify the first certificate"当我访问https://mywebsite.com时,它在浏览器中运行良好,但是当我从 postman 发出帖子请求时,它总是出现“SSL 错误:无法验证”的错误
I have a 3rd party webhook posting to my website and it's breaking with the error:我有一个 3rd 方 webhook 发布到我的网站,它打破了错误:
"success": false,
"error_class": "RestClient::SSLCertificateNotVerified",
"error_message": "SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable to get local issuer certificate)",
I've been banging my head against a wall all weekend trying to solve this, I've tried converting to a.pem, a.p7b, making a keystore.jks, combining the bundle and cert into mywebsite_chain.crt.我整个周末都在努力解决这个问题,我尝试转换为 a.pem、a.p7b,制作 keystore.jks,将捆绑包和证书合并到 mywebsite_chain.crt 中。 I am at a loss at what to try next, please help.我不知道接下来要尝试什么,请帮忙。
Finally solved it.终于解决了。 Turns out using the cert for nginx and spring boot was causing issues.原来使用 nginx 和 spring 引导的证书会导致问题。 By disabling ssl on spring boot and changing通过在 spring 启动和更改上禁用 ssl
proxy_pass https://tomcat;
To:至:
proxy_pass http://tomcat;
The issue has been resolved.问题已解决。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.