非自签名证书会导致“由未知机构签名的证书”错误。

huangapple go评论89阅读模式
英文:

Non-self signed certificate gives certificate signed by unknown authority error

问题

我有一个使用由受信任的 CA 颁发的非自签名证书的 API 服务器。当我连接到该服务器时,我收到以下错误信息:

>x509: 证书由未知的授权机构签名

我使用 net/http 库的 golang 客户端进行连接。证书已正确配置,因此我没有收到关于证书的错误投诉。

我没有预料到会出现这个错误,因为我正在使用一个 CA。在使用 web 浏览器时,我没有收到这个错误。

英文:

I have an API server using a non-self signed certificate issued by a respected CA. When I connect to this server I get the following error:

>x509: certificate signed by unknown authority

I connect using a golang client using the net/http library. The certificate is properly configured as I do not get an error complaining about it.

I did not expect this error because I am using a CA. I am not getting the error when using a web browser.

答案1

得分: 1

问题是我没有将中间CA证书传递给HTTP服务器。方法http.ListenAndServeTLS要求在同一个证书文件中包含中间CA证书。

修复方法很简单,只需将您的CA的中间证书添加到您的证书文件中:

<!-- language: lang-none -->

-----BEGIN CERTIFICATE-----
&lt;您自己的证书&gt;
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
&lt;中间CA证书&gt;
-----END CERTIFICATE-----
英文:

The problem was that I did not pass the intermediate CA certificate to the http server. The method http.ListenAndServeTLS requires the intermediate CA certificate in the same certificate file.

The fix was easy, just add the intermediate certificate of your CA in your certificate file:

<!-- language: lang-none -->

-----BEGIN CERTIFICATE-----
&lt;YOUR OWN CERTIFICATE&gt;
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
&lt;INTERMEDIATE CA CERTIFICATE&gt;
-----END CERTIFICATE-----

huangapple
  • 本文由 发表于 2017年2月23日 20:21:25
  • 转载请务必保留本文链接:https://go.coder-hub.com/42415638.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定