Linux Openssl: error "self signed certificate in certificate chain"
Original URL: http://stackoverflow.com/questions/12180552/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
Openssl : error "self signed certificate in certificate chain"
Asked by Lunar Mushrooms
When I used openssl APIs to validate a server certificate (self signed), I got the following error:
error 19 at 1 depth lookup:self signed certificate in certificate chain
As per openssl documentation, this error (19) is
"X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain - the certificate chain could be built up using the untrusted certificates but the root could not be found locally."
Why does this error occur? Are there any problems with my server certificate?
Accepted answer by Eitan T
You have a certificate which is self-signed, so it's non-trusted by default, that's why OpenSSL complains. This warning is actually a good thing, because this scenario might also arise due to a man-in-the-middle attack.
To solve this, you'll need to install it as a trusted server. If it's signed by a non-trusted CA, you'll have to install that CA's certificate as well.
Have a look at this link about installing self-signed certificates.
Answer by Vadzim
Here is a one-liner to verify a certificate chain:
openssl verify -verbose -x509_strict -CAfile ca.pem cert_chain.pem
This doesn't require installing the CA anywhere.
See "How does an SSL certificate chain bundle work?" for details.
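The failure from the question and the -CAfile check from the answer above, as an added example that is not part of the original posts. It builds a throwaway root CA and server certificate (all subjects and file names are constructed), then verifies the server certificate once with the root supplied only as an untrusted chain member and once with the root as the trust anchor.

```shell
#!/bin/sh
# Added example, not from the original answers. Subjects and file names are
# constructed; every file is written under the directory passed as $1.

# Create a throwaway root CA and a server certificate signed by it.
make_chain() {
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        'prompt = no' '[dn]' 'CN = Constructed Test Root CA' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' \
        'keyUsage = critical,keyCertSign,cRLSign' > "$1/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=server.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/server.csr" -CA "$1/ca.pem" \
        -CAkey "$1/ca.key" -CAcreateserial -out "$1/server.pem" 2>/dev/null
}

# The root is offered only as an untrusted chain member. The chain can be
# built, but it ends in a self-signed certificate that is not a local trust
# anchor, so verification fails with error 19 at depth 1.
verify_untrusted() {
    openssl verify -untrusted "$1/ca.pem" "$1/server.pem" 2>&1
}

# The same root is named as the trust anchor with -CAfile. Nothing is
# installed system-wide; trust applies to this one invocation.
verify_trusted() {
    openssl verify -CAfile "$1/ca.pem" "$1/server.pem" 2>&1
}
```

Run `make_chain` on a scratch directory first, then call the two verify functions on the same directory to compare their output and exit status.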
Answer by lalithsagar
The solution for the error is to add this line at the top of the code:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
Answer by kemicofa ghost
If you're running Charles and trying to build a docker container then you'll most likely get this error.
Make sure to disable Charles (macos) proxy under proxy -> macOS proxy
Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet.
So anything similar may cause the same issue.