帮助信任自签名证书

tag-icon tag-icon ssl certificates
帮助信任自签名证书

我正在尝试了解如何让 Ubuntu 信任自签名证书。我正在使用网站https://badssl.com/(具体来说,https://self-signed.badssl.com)。

通过 Chrome 导出证书。(我检查过了。生成的文件是一个很好的 .pem 文件。)

我将该文件命名为 self-signed.crt。

我将文件添加到/usr/local/share/ca-certificates/

运行sudo update-ca-certificates。(输出确认证书已添加且没有错误。)

但是,当我运行时curl https://self-signed.badssl.com,它会报告一个自签名证书。

(当我运行时,curl -k https://self-signed.badssl.com它运行良好。

如果有人想尝试,我会附上自签名证书。

非常感谢您的帮助。

下面是我的 shell 的日志

zalmang@zalman:~/certs$ cat self-signed.crt
-----BEGIN CERTIFICATE-----
MIIDhDCCAmygAwIBAgIUda+Ilih74Elv5BmHvQIw/YnxPuwwDQYJKoZIhvcNAQEL
BQAwYjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcM
DVNhbiBGcmFuY2lzY28xDzANBgNVBAoMBkJhZFNTTDEVMBMGA1UEAwwMKi5iYWRz
c2wuY29tMB4XDTI0MDIyMTIxMjgzMloXDTI2MDIyMDIxMjgzMlowYjELMAkGA1UE
BhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lz
Y28xDzANBgNVBAoMBkJhZFNTTDEVMBMGA1UEAwwMKi5iYWRzc2wuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1d+kF6K5ZveCuMPUtCZ18dml3JPG
aTgwAvJtjXjgXJFCKscf1oQu8xIQA7XMBPBLEsSRfT0KbZIrLRqOfWnQY4kmHiZb
4upgGDSw2JA9+je7cr6GzIBcPFtZ97Ne/xFD2hVUL9vzTWRYh2/BUACvfyLos2Co
g2kY5GiA88banqGRwNPlOEI15zeoy02D1bYPbTGoE6MisTRQPR6cb9tuGwBGbroO
epd+HVN10mOqwMbez9BY9AkVCBZOuXrZuBE06UljKctt2KnzWCvZCa0oyucFpegy
Qi/3l5DEvx+RzmGrKo7RCnxPjVTEbjnPqupNuiE+SquQivvOeX5Gx2/wlwIDAQAB
ozIwMDAjBgNVHREEHDAaggwqLmJhZHNzbC5jb22CCmJhZHNzbC5jb20wCQYDVR0T
BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAFf6rKOt6cbZG+EbffpmAA1khL6SB1bFa
GpToS1oXG59a57XZIMDU1opWJru+8pVcA2ZXhCWBfFYfE7XGoST++QtbPTxBbyQU
kMUY8p1n+tleVlQRZJLTNU7VzkAJBUvwoFPAmDp6bLgaFQe7OeuUDbcWQWlhBQGj
V/BTsaqdR61NoPDQun8PMhc0ryPbYzvSxrJZuGVusrC6m2igtcbc2fAQG+S66nd2
f34bgBA9Z1Uek80K94Dg8Ho8l3LzaL6AVZrijrz7TYc9tdE3l9MtASlB+3yn9xrq
XEsNn7Hecv3MRShNLN8U2njh53KnMcr/v0Jdof1pRy53/mBs0owh6Q==
-----END CERTIFICATE-----
zalmang@zalman:~/certs$ sudo cp ./self-signed.crt /usr/local/share/ca-certificates/
zalmang@zalman:~/certs$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping ca-certificates.crt,it does not contain exactly one certificate or CRL
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
zalmang@zalman:~/certs$ curl https://self-signed.badssl.com
curl: (60) SSL certificate problem: self-signed certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
zalmang@zalman:~/certs$ curl -k https://self-signed.badssl.com
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link rel="shortcut icon" href="/icons/favicon-red.ico"/>
  <link rel="apple-touch-icon" href="/icons/icon-red.png"/>
  <title>self-signed.badssl.com</title>
  <link rel="stylesheet" href="/style.css">
  <style>body { background: red; }</style>
</head>
<body>
<div id="content">
  <h1 style="font-size: 12vw;">
    self-signed.<br>badssl.com
  </h1>
</div>

</body>
</html>

答案1

首先: echo 'self-signed.crt' | sudo tee -a /etc/ca-certificates.conf

然后你可以 : sudo update-ca-certificates

相关内容