我是安全方面的新手,但我正在尝试通过相互身份验证向服务器发送请求。我得到了
- CA pem文件
- 客户端证书 pem 文件
- 私钥pem文件
现在,我正在尝试建立与服务器的连接,但它一直出现 403 错误,我不确定如何从这里进行调试。
使用 cURL 执行以下命令:
curl -H "Content-Type: application/json" -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" --cacert ca.pem --key privateKey.pem --cert client.pem https://svc.server.com -d '{}'
显示 http 403 错误的日志
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 222.222.222.222:443...
* Connected to svc.server.com (222.222.222.222) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: ca.pem
* CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [63 bytes data]
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [5573 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [333 bytes data]
* TLSv1.2 (IN), TLS handshake, Request CERT (13):
{ [5482 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Certificate (11):
} [4024 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS handshake, CERT verify (15):
} [264 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=BE; L=Waterloo; O=International Corporated; OU=BIP0 AIDC; CN=svc.server.com
* start date: Apr 7 19:27:43 2020 GMT
* expire date: Jul 6 19:57:43 2022 GMT
* subjectAltName: host "svc.server.com" matched cert's "svc.server.com"
* issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust CA
* SSL certificate verify ok.
} [5 bytes data]
> POST /v1/0/activate HTTP/1.1
> Host: svc.server.com
> Accept: */*
> Content-Type: application/json
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
> Content-Length: 2
>
} [2 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 Forbidden
< Content-Type: application/json;charset=UTF-8
< Content-Length: 109
< Date: Fri, 10 Sep 2021 06:55:23 GMT
< Server: Information Not Disclosed
<
{ [109 bytes data]
100 111 100 109 100 2 86 1 0:00:02 0:00:01 0:00:01 87{
"res": "",
"code": "AUTHORIZATION_FAILED",
"description": "Authorization failed."
}
* Connection #0 to host svc.server.com left intact
我也在我的 Windows 客户端机器上安装了证书,服务器团队提到他们这边没有任何问题,因为其他人能够成功发送他们的请求。
此外,不需要进一步的身份验证,只需证书就足够了。
我也检查了跟踪日志并且它似乎是相同的,显示 TLS 握手完成但收到相同的错误。
任何帮助是极大的赞赏。