[英]SSL certificate issue: self signed certificate
在對專用服務器執行https請求時,我無法驗證證書
我運行此命令來創建我的證書和私鑰:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -passout file:passphrase.txt -out cert.pem -days 365
當我運行命令查看證書和密鑰是否匹配時,它們匹配
然后,我已經設置了我的ssl服務器:
server {
# SSL configuration
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
server_name mydomain.com;
ssl on;
ssl_certificate /pathtocert.pem;
ssl_certificate_key /pathtokey.pem;
client_max_body_size 0; # disable any limits to avoid HTTP 413 for large image uploads
ssl_password_file /pathtopassphrase.txt;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /pathtocert.pem;
# Google DNS, Open DNS, Dyn DNS
resolver 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 216.146.35.35 216.146.36.36 valid=300s;
resolver_timeout 3s;
但是當我執行我的curl請求時:
// OPTIONS:
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
"APIKEY: " . self::APIKEY,
'Content-Type: application/json',
));
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
//curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($curl, CURLOPT_CAINFO, public_path() . "\CA\Something.crt");
// EXECUTE:
$result = curl_exec($curl);
我收到如下證書問題:
SSL:無法從對等證書中獲取通用名稱
我只需要保護我的API,這就是我的目標。
我正在使用這些命令進行創建,並且每次都對我有用。
$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
$ rm server.pass.key
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
這是我的nginx.conf
server {
listen 443 default_server ssl http2;
server_name IP_ADRESS;
ssl_certificate /home/NAMEOFCOMPUTER/keys/server.crt;
ssl_certificate_key /home/NAMEOFCOMPUTER/keys/server.key;
ssl_session_cache shared:SSL:10m;
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.kibana;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.