我正在尝试配置 GCP 安全 Web 代理https://cloud.google.com/secure-web-proxy/docs/overview。代理的 IP 为:10.10.0.16。除此之外,它还有一个本地 DNS 区域 proxy.carecode.lan,可解析为 10.10.0.16。
执行这个curl -x https://proxy.carecode.lan:443 https://globo.com -v --proxy-insecure,有效。
执行后:curl -x https://proxy.carecode.lan:443 https://globo.com -v,我得到:
* Trying 10.10.0.16:443...
* Connected to proxy.carecode.lan (10.10.0.16) port 443 (#0)
* ALPN: offers http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: self-signed certificate
* Closing connection 0
curl: (60) SSL certificate problem: self-signed certificate
More details here: https://curl.se/docs/sslcerts.html
它指出问题是由自签名证书引起的。我对此很菜鸟,但我已按照以下步骤操作:https://community.workspot.com/gcp-150/setting-up-gcp-secure-web-proxy-1088。
我已经创建了一个认证机构,如下所示:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
29:fb:16:5c:42:76:de:03:a6:a5:73:2d:3f:26:c2:a9:06:d7:66:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = proxy.carecode.lan
Validity
Not Before: Mar 13 02:36:18 2024 GMT
Not After : Mar 13 02:36:18 2025 GMT
Subject: CN = proxy.carecode.lan
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:af:38:07:eb:37:a6:68:a1:aa:11:4e:f2:6f:
fb:87:d1:51:46:36:70:b1:87:9e:4d:81:4b:ae:8e:
15:8e:6e:bb:58:b8:24:31:31:7b:86:3b:6a:ea:f8:
b3:c9:34:0c:d0:0a:d5:34:fa:48:1d:ad:17:87:38:
e8:30:ee:72:93:a9:8c:9b:78:e0:df:32:e6:89:f3:
fa:4b:72:f5:26:d1:01:33:ed:6d:58:75:11:74:55:
93:7c:c4:85:53:15:70:d4:f9:9f:1d:5b:8d:27:32:
0a:8c:72:d9:cf:5a:37:a4:b7:69:a2:42:89:5a:ce:
dd:69:f9:aa:a2:82:57:69:29:08:df:37:4b:16:a3:
fe:20:fb:c4:bd:72:70:62:3e:a4:d8:8a:96:d5:7e:
43:66:54:b2:96:7b:d0:36:cc:92:b7:36:6d:f8:cb:
2e:83:89:bb:d4:ff:84:52:b3:2f:39:75:44:d8:f4:
d8:bb:b1:f5:cd:6d:6c:cb:e6:18:6a:c3:ae:81:b8:
db:30:63:dd:1e:e6:51:83:26:1f:52:94:88:47:9f:
75:1c:70:c8:e8:60:98:34:b6:66:7b:0d:15:9a:e0:
3f:bf:90:2d:0f:34:13:ba:13:0b:37:e5:37:d7:a6:
a2:90:08:b8:5a:ac:cc:43:67:b4:58:24:11:f4:d1:
39:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:AC:19:0D:FA:CB:7F:1E:DA:76:33:90:C3:2F:2C:F0:88:72:D0:D8
X509v3 Authority Key Identifier:
keyid:96:AC:19:0D:FA:CB:7F:1E:DA:76:33:90:C3:2F:2C:F0:88:72:D0:D8
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Alternative Name:
DNS:proxy.carecode.lan
Signature Algorithm: sha256WithRSAEncryption
31:4e:79:26:ec:84:a6:26:f2:c3:c1:84:03:8c:43:13:a1:4c:
3d:a8:ae:d0:78:d0:8e:83:2a:e9:a4:38:8c:26:ba:9c:88:d5:
ab:68:2a:25:58:3c:61:59:6d:f6:3b:06:35:be:8c:58:0c:5d:
e8:85:dd:6b:ee:d2:bd:62:33:5f:c3:24:cf:bc:3e:c7:52:86:
ab:3d:2c:e5:f8:74:72:ff:f2:40:20:29:38:ce:f0:22:1f:c4:
8d:01:83:14:df:9e:8e:87:d0:63:86:28:c8:5c:c1:d8:05:64:
de:be:52:df:6a:51:96:f8:bd:d1:e6:d3:24:9e:25:ad:08:a5:
79:74:e4:f8:6e:6b:2f:35:32:83:5f:55:6c:32:93:d1:c0:00:
49:7e:3c:4f:87:90:3f:95:ea:87:2c:12:e5:75:e1:18:7e:50:
e9:2c:76:49:1b:0b:37:ea:24:03:cc:fc:ff:78:4d:ff:82:5e:
24:f6:44:0b:7e:15:66:80:b2:bb:8c:a6:5e:4d:45:e7:fd:5f:
5f:10:71:48:28:ea:7c:78:09:a1:11:cb:c6:af:49:dd:87:31:
c9:d2:bb:a1:67:d4:b5:43:63:f9:2e:32:cc:9c:f9:f3:36:fb:
e8:fc:48:1e:77:08:85:ea:71:2c:26:b5:31:c7:34:d4:a7:5e:
5b:bf:29:0d
有人知道这个吗?