我创建了一个 rest api 项目,并尝试使用 curl 访问 https 端点,如下所示:
$ dotnet new angular
$ curl -I -X GET 'https://localhost:5001/api/SampleData/WeatherForecasts'
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
我在 Google 上搜索了一下,以下是从 dotnet 中提取证书并将其添加到我的受信任 CA 证书存储库所采取的步骤:
这是我尝试添加证书的方法
# export netcore development certificate
$ dotnet dev-certs https -ep ~/tmp/localhost.pfx -p somepassword
# convert it to crt
$ openssl pkcs12 -in ~/tmp/localhost.pfx -clcerts -nokeys -out ~/tmp/localhost.crt
# copy to a folder in /usr/local/share/ca-certificates/
$ cd /usr/local/share/ca-certificates/
$ sudo mkdir dotnet_devel
$ sudo chmod -R 755 dotnet_devel
$ mkdir dotnet_devel
$ cd dotnet_devel
$ sudo cp ~/tmp/localhost.crt .
$ sudo chmod -R 644 localhost.crt
# update CA trusted certificates repository
$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
Adding debian:localhost.pem
done.
done.
我还尝试像这样设置 CURL_CA_BUNDLE 环境变量:
$ export CURL_CA_BUNDLE=/usr/local/share/ca-certificates/dotnet_devel/localhost.crt
我不断收到相同的 curl 错误,而且 Firefox 和 Chrome 告诉我连接不安全
附加信息:
$ dotnet --info
.NET Core SDK (reflecting any global.json):
Version: 2.2.203
Commit: e5bab63eca
Runtime Environment:
OS Name: ubuntu
OS Version: 18.04
OS Platform: Linux
RID: ubuntu.18.04-x64
$ curl --version
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.0g zlib/1.2.11 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
参考:
https://askubuntu.com/questions/645818/how-to-install-certificates-for-command-line/649463#649463
https://github.com/aspnet/AspNetCore/issues/7246#issue-406461992
答案1
您没有显示输出,openssl validate localhost.crt但我认为您可能会受到此问题的影响:https://github.com/openssl/openssl/issues/1418。我通过手动创建证书解决了这个问题:https://stackoverflow.com/a/59702094/3167480。