搜尋

首頁  >  問答  >  主體

apache - openssl s_client -connect www.verisign.com:443 錯誤無法取得本機頒發者憑證

雷雷
ringa_leeringa_lee2782 天前3988

全部回覆(3)我來回復

  • 怪我咯

    怪我咯2017-05-16 17:05:54

    把 Server certificate這一部分拷貝出來,就是

    -----BEGIN CERTIFICATE-----
    MIIG0jCCBbqgAwIBAgIQRHT74McgkNIJ4CcjNXxCZzANBgkqhkiG9w0BAQUFADCB
    vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
    ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
    YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv
    VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew
    HhcNMTQwMTE2MDAwMDAwWhcNMTYwMTE2MjM1OTU5WjCCASYxEzARBgsrBgEEAYI3
    PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxHTAbBgNVBA8TFFBy
    aXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwcyMTU4MTEzMQswCQYDVQQGEwJV
    UzEOMAwGA1UEERQFOTQwNDMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcU
    DU1vdW50YWluIFZpZXcxGTAXBgNVBAkUEDM1MCBFbGxpcyBTdHJlZXQxHTAbBgNV
    BAoUFFN5bWFudGVjIENvcnBvcmF0aW9uMSQwIgYDVQQLFBtJbmZyYXN0cnVjdHVy
    ZSBPcGVyYXRpb25zICAxGTAXBgNVBAMUEHd3dy52ZXJpc2lnbi5jb20wggEiMA0G
    CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrG90iUEhTlnwtoAfqXUHUPBQo3JEK
    BWEewf8/71RFR0O6J5mxF88ODxs/HRGK1wrd8WClqnhMBsvITNB9m+escDpBWpwG
    NZp4TaYW9HxxtZ7heaeJjso8M/k3NHdXuFsuPw5L8xxOv9aI0H87LMmImenLxCRm
    pJQNAKe+jfNTqpuK1tUEYdLzR0n4u76ZDcGSYSplbCjLcamLTHAhijQQWiUgWC0f
    Unm4z2zyzT4QwzXIfuf7BCSLfCGY3/KuKO4vybtiUg6ALqMW3JjA149r6DHjIkib
    wq2wJhFnspm74y0wJq3GE5avUyUrz8XoXexSJPTRuz6jyVayEXeDZvcJAgMBAAGj
    ggJfMIICWzCB1QYDVR0RBIHNMIHKghB3d3cudmVyaXNpZ24uY29tggx2ZXJpc2ln
    bi5jb22CEHd3dy52ZXJpc2lnbi5uZXSCDHZlcmlzaWduLm5ldIIRd3d3LnZlcmlz
    aWduLm1vYmmCDXZlcmlzaWduLm1vYmmCD3d3dy52ZXJpc2lnbi5ldYILdmVyaXNp
    Z24uZXWCFWZvcm1zLndzLnN5bWFudGVjLmNvbYINc3NscmV2aWV3LmNvbYIRd3d3
    LnNzbHJldmlldy5jb22CD3d3dy5zeW1hdXRoLmNvbTAJBgNVHRMEAjAAMA4GA1Ud
    DwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG
    +EIEATBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0
    dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMwHQYDVR0OBBYEFFhbQy8r9duhEyHt
    180crp3UFY8gMB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMD4GA1Ud
    HwQ3MDUwM6AxoC+GLWh0dHA6Ly9FVkludGwtY3JsLnZlcmlzaWduLmNvbS9FVklu
    dGwyMDA2LmNybDB2BggrBgEFBQcBAQRqMGgwKwYIKwYBBQUHMAGGH2h0dHA6Ly9F
    VkludGwtb2NzcC52ZXJpc2lnbi5jb20wOQYIKwYBBQUHMAKGLWh0dHA6Ly9FVklu
    dGwtYWlhLnZlcmlzaWduLmNvbS9FVkludGwyMDA2LmNlcjANBgkqhkiG9w0BAQUF
    AAOCAQEAPSZt7qa0z7AbV78LQ20T2c587Pb389khyLLyxQSx/nKqtYIs0sH9qvsd
    rqEk3ThUYbTfI4Owh0a87uCCpBTPf/1c1581waHoId7VibSq3IwR71RPhSJu9zmL
    J/GSjs/NWcVgbpUI7JRQlyqffVmMn3w3La/NZBSXspFSMzmDG0G+hUZJJYPabrfi
    nsedFav2e5BihDgGISbMhxeXGuSsQYLbOF8B9JPUwgBnDCO6IgKGeww+Zb3Uh1FB
    mCydpZlP4Qn8tkaegGMXtlv4rzdt7wtKpELSbhotQHlWr06hD9XUlh7UOBvShhM7
    UDhMFUQ0HjLf/9A11pb71CRaoHfFbQ==
    -----END CERTIFICATE-----

    存成CA.cert
    openssl s_client -CAfile CA.cert -connect www.verisign.com:443

    回覆
    0
  • 伊谢尔伦

    伊谢尔伦2017-05-16 17:05:54

    <VirtualHost _default_:443> 
        SSLProxyEngine on 
        SSLEngine on 
        #SSLSessionCacheTimeout  2100 
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP 
        SSLCertificateFile /etc/httpd/common/server.crt 
        SSLCertificateKeyFile /etc/httpd/common/server.key 
        SSLCertificateChainFile /etc/httpd/common/server_intermediate.pem 
        Include conf/conf/xxx.conf 
    </VirtualHost> 
    

    這是我在apache上面的設定文件, 瀏覽器已經認可了證書, 但是用openssl驗證的時候

    CONNECTED(00000003)
    depth=0 ....................
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 ........................
    verify error:num=27:certificate not trusted
    verify return:1
    depth=0 ....................
    verify error:num=21:unable to verify the first certificate
    verify return:1
    
    Verify return code: 21 (unable to verify the first certificate)
    

    回覆
    0
  • 漂亮男人

    漂亮男人2017-05-16 17:05:54

    openssl s_client -connect www.verisign.com:443 -CApath /etc/ca-certificates
    

    先弄清楚 SSL/TLS 的具體過程,再看 man s_client

    回覆
    0
  • 取消回覆