如何信任CentOS 7/8上的自签名SSL?
我正在本地主机上为nginx使用自签名证书。我正在使用OpenSSL的最新版本来实现这一点。这是配置文件如何信任CentOS 7/8上的自签名SSL?,ssl,openssl,centos7,Ssl,Openssl,Centos7,我正在本地主机上为nginx使用自签名证书。我正在使用OpenSSL的最新版本来实现这一点。这是配置文件 localhost.conf [req] default_bits = 2048 default_keyfile = localhost.key distinguished_name = req_distinguished_name req_extensions = req_ext x509_extensions = v3_ca [req_distingu
localhost.conf
[req]
default_bits = 2048
default_keyfile = localhost.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Rochester
localityName = Locality Name (eg, city)
localityName_default = Rochester
organizationName = Organization Name (eg, company)
organizationName_default = localhost
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = localhost
commonName_max = 64
[req_ext]
subjectAltName = @alt_names
[v3_ca]
subjectAltName = @alt_names
[alt_names]
DNS.1 = localhost
DNS.2 = 127.0.0.1
我使用的命令如下:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -config localhost.conf -passin pass:YourSecurePassword
将生成一个新的localhost.pfx文件。然后我运行下面的命令来生成证书和私钥
sudo openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt
现在,我在CENTOS 8上使用nginx在本地主机服务器上使用私钥和证书。当我卷曲进入主机,即,我得到以下错误
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
现在,我将localhost.crt文件放入/etc/pki/ca trust/source/anchors文件夹中,并运行以下命令:
update-ca-trust enable
update-ca-trust extract
然而,服务器仍然给我同样的错误!如何信任自签名SSL证书