问题描述
我有一个使用自签名证书运行的烧瓶应用程序.我可以使用以下方法发送 curl 请求:
I have a flask application running using a self signed certificate. I'm able to send in a curl request using:
curl -v -k -H "Content-Type: application/json" -d '{"data":"value1","key":"value2"}' https://<server_ip>:<port>
详细日志显示一切正常.
The verbose logs show that everything went alright.
我想避免使用 -k (--insecure) 选项,而是指定 curl 可以使用的 .pem 文件.查看 curl 手册页,我发现您可以使用 --cert 选项执行此操作.所以我用这个创建了一个 .pem 文件:
I wanted to avoid using the -k (--insecure) option and instead specify a .pem file that curl could use. Looking at the curl man page I found that you could do this using the --cert option.So I created a .pem file using this:
openssl rsa -in server.key -text > private.pem
在使用 private.pem 文件时,CURL 向我抛出此错误:
CURL throws me this error when using the private.pem file:
curl: (58) unable to use client certificate (no key found or wrong pass phrase?)
有什么建议吗?- 或者这只能通过正确签名的证书来实现?
Any suggestions? - or is this only possible with a properly signed certificate?
Tnx
推荐答案
这只是这个问题的另一个版本:使用openssl从服务器获取证书
This is just another version of this question: Using openssl to get the certificate from a server
或者更直白地说:
使用 curl --cert 是错误的,它用于客户端证书.
Using curl --cert is wrong, it is for client certificates.
首先,获取您的服务器正在使用的证书:
First, get the the certs your server is using:
$ echo quit | openssl s_client -showcerts -servername server -connect server:443 > cacert.pem
(-servername
是 SNI 所必需的,以便您获得正确的虚拟服务器证书)
(-servername
is necessary for SNI so that you get the right virtual server's certificate back)
然后让您的 curl 命令行使用该设置在后续操作中验证服务器:
Then make your curl command line use that set to verify the server in subsequent operations:
$ curl --cacert cacert.pem https://server/ [and the rest]
这篇关于将自签名证书与 cURL 一起使用?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!