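I am trying to understand how to get Ubuntu to trust a self-signed certificate. I am using the site https://badssl.com/ (specifically, https://self-signed.badssl.com).
I exported the certificate through Chrome. (I checked. The resulting file is a good .pem file.)
I named the file self-signed.crt.
I added the file to /usr/local/share/ca-certificates/
I ran sudo update-ca-certificates. (The output confirmed that the certificate was added with no errors.)
However, when I run curl https://self-signed.badssl.com, it reports a self-signed certificate.
(When I run curl -k https://self-signed.badssl.com it works fine.)
I'm attaching the self-signed certificate in case anyone wants to try.
Many thanks for your help.
Below is the log from my shell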
zalmang@zalman:~/certs$ cat self-signed.crt
zalmang@zalman:~/certs$ sudo cp ./self-signed.crt /usr/local/share/ca-certificates/
zalmang@zalman:~/certs$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
zalmang@zalman:~/certs$ curl https://self-signed.badssl.com
curl: (60) SSL certificate problem: self-signed certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
zalmang@zalman:~/certs$ curl -k https://self-signed.badssl.com
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" href="/icons/favicon-red.ico"/>
<link rel="apple-touch-icon" href="/icons/icon-red.png"/>
<title>self-signed.badssl.com</title>
<link rel="stylesheet" href="/style.css">
<style>body { background: red; }</style>
</head>
<body>
<div id="content">
<h1 style="font-size: 12vw;">
self-signed.<br>badssl.com
</h1>
</div>
</body>
</html>
Answer 1
First:
echo 'self-signed.crt' | sudo tee -a /etc/ca-certificates.conf
Then you can:
sudo update-ca-certificates
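
To confirm what update-ca-certificates actually left in /etc/ssl/certs after the steps above, the following check (an added example, not part of the original question or answer) looks a certificate up the way OpenSSL does, by subject hash, and compares fingerprints; it can also compare the local file with the certificate the server presents. The function names are this example's own.

```shell
#!/bin/sh
# Added example (function names are this example's own).

# Print the SHA-256 fingerprint of a PEM certificate file.
cert_fingerprint() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 2
    echo "${fp#*=}"
}

# Return 0 if PEM certificate $1 is present in hashed CA directory $2.
# OpenSSL finds trust anchors there by subject hash: <hash>.0, <hash>.1, ...
cert_in_store() {
    cert=$1
    store=$2
    subj_hash=$(openssl x509 -in "$cert" -noout -subject_hash) || return 2
    want=$(cert_fingerprint "$cert") || return 2
    for candidate in "$store/$subj_hash".*; do
        [ -e "$candidate" ] || continue
        if [ "$(cert_fingerprint "$candidate")" = "$want" ]; then
            echo "found: $candidate"
            return 0
        fi
    done
    echo "not found in $store (subject hash $subj_hash)"
    return 1
}

# Return 0 if the leaf certificate served by host $1 on port $2 is the
# same certificate as local PEM file $3. Needs network access.
server_cert_matches() {
    presented=$(openssl s_client -connect "$1:$2" -servername "$1" \
        </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null)
    [ -n "$presented" ] && [ "${presented#*=}" = "$(cert_fingerprint "$3")" ]
}

# On the machine from the question one would run:
#   cert_in_store /usr/local/share/ca-certificates/self-signed.crt /etc/ssl/certs
#   server_cert_matches self-signed.badssl.com 443 ./self-signed.crt
```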