英文:
Non-self signed certificate gives certificate signed by unknown authority error
问题
我有一个使用由受信任的 CA 颁发的非自签名证书的 API 服务器。当我连接到该服务器时,我收到以下错误信息:
>x509: 证书由未知的授权机构签名
我使用 net/http
库的 golang 客户端进行连接。证书已正确配置,因此我没有收到关于证书的错误投诉。
我没有预料到会出现这个错误,因为我正在使用一个 CA。在使用 web 浏览器时,我没有收到这个错误。
英文:
I have an API server using a non-self signed certificate issued by a respected CA. When I connect to this server I get the following error:
>x509: certificate signed by unknown authority
I connect using a golang client using the net/http
library. The certificate is properly configured as I do not get an error complaining about it.
I did not expect this error because I am using a CA. I am not getting the error when using a web browser.
答案1
得分: 1
问题是我没有将中间CA证书传递给HTTP服务器。方法http.ListenAndServeTLS
要求在同一个证书文件中包含中间CA证书。
修复方法很简单,只需将您的CA的中间证书添加到您的证书文件中:
<!-- language: lang-none -->
-----BEGIN CERTIFICATE-----
<您自己的证书>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<中间CA证书>
-----END CERTIFICATE-----
英文:
The problem was that I did not pass the intermediate CA certificate to the http server. The method http.ListenAndServeTLS
requires the intermediate CA certificate in the same certificate file.
The fix was easy, just add the intermediate certificate of your CA in your certificate file:
<!-- language: lang-none -->
-----BEGIN CERTIFICATE-----
<YOUR OWN CERTIFICATE>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<INTERMEDIATE CA CERTIFICATE>
-----END CERTIFICATE-----
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论