我正在尝试在 Ubuntu 18.04 服务器上使用 PCKS12 客户端证书。curl 7.58.0
我的 证书信息是:OpenSSL 1.1.1
~# openssl pkcs12 -info -in cert.p12 -noout -nomacver
Enter Import Password:
MAC: sha1, Iteration 1
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
当我尝试像这样将它与 curl 一起使用时:
curl --cert-type P12 --cert cert.p12:******* https://server.com
我明白了
curl: (58) could not load PKCS12 client certificate, OpenSSL error error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak
我怎样才能让 curl/openssl 接受此证书?
我试过了--insecure
,但--tlsv1.0
都没有用。
编辑
的输出openssl pkcs12 -in cert.p12 -nokeys | openssl x509 -text -noout
为:
Enter Import Password:
MAC verified OK
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1558524593 (0x5ce532b1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=IR, ST=Tehran, O=IPM, OU=IRNIC dotIR ccTLD, CN=IRNIC department/[email protected]
Validity
Not Before: May 22 11:29:53 2019 GMT
Not After : Nov 22 11:29:53 2019 GMT
Subject: C=IR, ST=Tehran, L=Tehran, O=Hamid Reza Naeini, OU=Hamid Reza Naeini, CN=da74-irnic,T234/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
00:de:57:fa:8c:7f:44:18:87:58:04:73:91:be:1a:
f4:5d:63:22:7c:79:a8:b8:7c:af:13:91:39:6e:11:
5d:f6:e7:70:13:d0:0f:9c:38:90:f5:13:da:c1:d1:
5d:73:8b:85:d0:00:bf:0f:ad:c3:e4:a3:91:87:51:
10:e2:b8:3b:03:fe:44:82:7b:4f:e4:b2:29:43:9c:
bb:33:7d:1d:2b:81:76:55:1d:69:57:fe:ac:ec:0f:
a6:4c:ec:4b:a1:0c:10:63:f5:ec:c7:1f:8a:68:e9:
95:7a:4c:22:21:47:5f:50:22:e8:c9:60:b2:c2:89:
5c:da:73:df:b1:e3:bf:66:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:F0:CE:06:33:DD:40:3B:69:F2:97:89:43:EF:8D:12:BB:88:E7:2A
X509v3 Authority Key Identifier:
keyid:FC:D4:95:B1:9E:AD:B8:1B:94:09:3B:77:A1:CF:09:D7:F5:D6:BE:BE
DirName:/C=IR/ST=Tehran/O=IPM/OU=IRNIC dotIR ccTLD/CN=IRNIC department/[email protected]
serial:AF:4A:3A:99:D9:CE:99:C1
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: md5WithRSAEncryption
88:a7:d8:8e:63:6f:15:69:cd:45:31:8b:2e:14:f1:48:bf:66:
24:33:b5:ef:6d:5f:75:8b:31:f2:94:09:b6:c2:72:87:09:b8:
31:4c:8b:c5:8d:b0:03:f3:70:91:63:fc:ed:52:19:62:31:98:
82:e4:e9:e8:14:2a:c9:6c:ca:fc:3f:d6:e0:fc:d2:94:82:88:
4e:0b:5a:77:74:19:de:99:17:e8:ba:c9:58:b9:6f:d9:e6:c9:
f6:de:26:e7:6e:2e:02:4d:f9:2c:6b:e2:1f:9f:0a:7a:35:d0:
5e:9c:cd:09:74:fa:df:a4:c8:5a:42:82:91:8c:6f:68:a9:06:
14:51:1f:22:46:8f:0b:db:13:1d:17:bc:b2:c1:fd:41:5b:5b:
2b:57:9c:cf:a8:7f:64:2a:4b:6e:a6:e6:37:c4:b0:3b:ef:11:
df:90:d3:b7:65:aa:40:40:f4:cd:d1:87:4d:22:20:4b:4b:13:
bc:e8:14:79:c5:a9:14:6d:6e:6b:22:8e:21:27:44:26:23:8d:
a0:2f:38:21:03:7f:cd:e1:cb:dc:51:d7:a5:a5:87:af:a3:65:
d1:a3:7c:84:78:43:c6:74:40:fe:fd:97:5c:23:ad:ec:5f:a1:
ef:05:89:ac:5c:85:20:74:17:f9:95:cf:66:30:73:ec:04:0f:
41:67:8c:3a
答案1
令人惊讶的是,你可以降级你的操作系统以使用旧版本的 curl,而且没问题!我们使用 Ubuntu 16.04 而不是 19.10,我们可以连接到 nic 服务器。