OpenConnect certificate verification failed: signer not found

On Arch Linux.

My school requires the use of a VPN. I installed OpenConnect and ran it as follows:

openconnect vpn.xyz.edu

I get the following output:

POST https://vpn.xyz.edu/
Attempting to connect to server xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found

Certificate from VPN server "vpn.xyz.edu" failed verification.
Reason: signer not found
To trust this server in future, perhaps add this to your command line:
    --servercert pin-sha256:QY6jkD6lYNKQPM+m7wVLb7mMp1TflU8x6lKD6ULD2gA=
Enter 'yes' to accept, 'no' to abort; anything else to view:

I tried the command again, appending the --servercert pin:

openconnect vpn.xyz.edu --servercert=pin-sha256:QY6jkD6lYNKQPM+m7wVLb7mMp1TflU8x6lKD6ULD2gA=

I get the following output:

POST https://vpn.xyz.edu/
Attempting to connect to server xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.xyz.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-store
Pragma: no-cache
Connection: Keep-Alive
Date: Sat, 12 Mar 2022 05:58:01 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML response has no "auth" node
GET https://vpn.xyz.edu/
Attempting to connect to server xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.xyz.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-store
Pragma: no-cache
Connection: Close
Date: Sat, 12 Mar 2022 05:58:01 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://vpn.xyz.edu/+webvpn+/index.html
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.xyz.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Cache-Control: no-store
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Username:

I enter my username and password at the prompt:

Please enter your username and password.
Username:johndoe
Password:

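It looks as if it succeeded, but the server certificate verification failure pops up again and I am prompted for my username and password again.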

POST https://vpn.xyz.edu/
Attempting to connect to server xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.xyz.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Content-Type: text/xml; charset=utf-8
Transfer-Encoding: chunked
Cache-Control: no-store
Pragma: no-cache
Connection: Keep-Alive
Date: Sat, 12 Mar 2022 06:03:59 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
X-Aggregate-Auth: 1
HTTP body chunked (-2)
XML response has no "auth" node
GET https://vpn.xyz.edu/
Attempting to connect to server xxx.xxx.xxx.xxx
Connected to xxx.xxx.xxx.xxx
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.xyz.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=utf-8
Content-Length: 0
Cache-Control: no-store
Pragma: no-cache
Connection: Close
Date: Sat, 12 Mar 2022 06:03:59 GMT
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
GET https://vpn.xyz.edu/+webvpn+/index.html
SSL negotiation with vpn.xyz.edu
Server certificate verify failed: signer not found
Connected to HTTPS on vpn.xyz.edu with ciphersuite (TLS1.2)-(ECDHE-SECP256R1)-(RSA-SHA512)-(AES-256-GCM)
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Cache-Control: no-store
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Username:johndoe
Password:
POST https://vpn.xyz.edu/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob:; frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Cache-Control: no-store
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn_as=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Please enter your username and password.
Username:

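I enter my username and password again, and it repeats. Sometimes, though, it does not repeat and only shows the POST request, with no further output.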

Please enter your username and password.
Username:johndoe    
Password:
POST https://vpn.xyz.edu/+webvpn+/index.html

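I tried searching Google for the error, but the related posts were not much help, because I am new to VPNs and do not know how the authentication works or what a "signer" is. Any explanation would be greatly appreciated.

Kernel: 5.16.13-arch1-1

Network manager: iwd

Laptop model: ASUS M16 GU603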
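
What the `pin-sha256:` value in the output above represents, as an added example that is not part of the original post: it is the base64-encoded SHA-256 hash of the server certificate's public key (SubjectPublicKeyInfo), so it can be recomputed from a certificate file and compared with a value obtained from the VPN operator. The function names and file arguments are hypothetical, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the openssl CLI.
# Function names and arguments are hypothetical.

# Print the OpenConnect-style pin of a PEM certificate file:
#   pin-sha256:base64(SHA-256(DER SubjectPublicKeyInfo))
# Fails instead of hashing empty input when the file is not a certificate.
spki_pin() {
    spki=$(mktemp) || return 1
    if openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
           openssl pkey -pubin -outform DER -out "$spki" 2>/dev/null &&
       [ -s "$spki" ]; then
        printf 'pin-sha256:%s\n' \
            "$(openssl dgst -sha256 -binary "$spki" | openssl base64 -A)"
        rc=0
    else
        echo "cannot read a certificate from $1" >&2
        rc=1
    fi
    rm -f "$spki"
    return "$rc"
}

# Succeed only if the certificate's pin equals EXPECTED. EXPECTED should come
# from a trusted channel (for example the VPN operator), because the value
# OpenConnect prints is computed from whichever server answered.
#   usage: pin_matches CERT_PEM EXPECTED
pin_matches() {
    actual=$(spki_pin "$1") || return 2
    [ "$actual" = "$2" ]
}

# Save the certificate a server presents on port 443 (needs network access).
#   usage: fetch_server_cert HOST OUT_PEM
fetch_server_cert() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -out "$2"
}
```

With `--servercert`, OpenConnect accepts the server on a pin match even though chain validation still reports `signer not found`, as the second log in the post shows. If the operator publishes its CA certificate, OpenConnect's `--cafile` option lets the chain be validated instead of pinning a single key.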
