问题描述
我对这样做很陌生,但我已经通过执行一些设置步骤来调用服务,在我的机器上获取/安装了一个客户端证书。现在我需要使用这个相同的证书来调用这个服务的 API。这样做的目的是用于集成/负载测试。使用 .net Cert 库,我能够生成证书 cert.pem 和 rsa 私钥 cert-key.pem 文件。
但是现在,如果我尝试 curl 请求(或服务器上任何与 http 相关的库请求),我会收到“证书未知”。我不完全明白这是什么意思。证书链的所有部分都安装在我的机器上。
最终,我想使用这个框架执行相同的步骤:https://k6.io/docs/using-k6/protocols/ssl-tls/ssl-tls-client-certificates/
这是我运行的示例命令:curl -v -XPOST --cert .\cert.pem --key .\cert-key.pem -d '{}' 'https://example.com:443/myapi'
...
* ALPN,offering h2
* ALPN,offering http/1.1
* successfully set certificate verify locations:
* CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (OUT),TLS handshake,Client hello (1):
* TLSv1.3 (IN),Server hello (2):
* TLSv1.2 (IN),Certificate (11):
* TLSv1.2 (IN),Server key exchange (12):
* TLSv1.2 (IN),Request CERT (13):
* TLSv1.2 (IN),Server finished (14):
* TLSv1.2 (OUT),Certificate (11):
* TLSv1.2 (OUT),Client key exchange (16):
* TLSv1.2 (OUT),CERT verify (15):
* TLSv1.2 (OUT),TLS change cipher,Change cipher spec (1):
* TLSv1.2 (OUT),Finished (20):
* TLSv1.2 (IN),Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN,server accepted to use h2
* Server certificate:
* subject: CN=example.com
* start date: Nov 18 19:56:53 2020 GMT
* expire date: Nov 18 19:56:53 2021 GMT
* subjectAltName: host "example.com" matched cert's "example.com"
* issuer: C=US; O=Corporation; CN=example
* SSL certificate verify ok.
* Using HTTP2,server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x161396be140)
> POST /myapi HTTP/2
> Host: example:443
> user-agent: curl/7.73.0
> accept: */*
> content-length: 2
> content-type: application/x-www-form-urlencoded
>
* TLSv1.2 (IN),TLS alert,certificate unkNown (558):
* OpenSSL SSL_read: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unkNown,errno 0
* Failed receiving HTTP2 data
* OpenSSL SSL_write: SSL_ERROR_ZERO_RETURN,errno 0
* Failed sending HTTP2 data
* Connection #0 to host example left intact
curl: (56) OpenSSL SSL_read: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unkNown,errno 0
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)