Adding a self-signed HTTPS certificate to the CentOS system trust store

From: wiz.cn

Date: 2017-02-22

Peer's certificate issuer has been marked as not trusted by the user

Inspect the certificate with openssl:

[root@localhost ~]# openssl s_client -showcerts -connect gitlab.zw.me:443
CONNECTED(00000003)
depth=0 C = US, ST = Mars, L = iTranswarp, O = iTranswarp, OU = iTranswarp, CN = gitlab.tytech.tianya.cn
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=gitlab.tytech.tianya.cn
   i:/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=gitlab.tytech.tianya.cn
-----BEGIN CERTIFICATE-----
[certificate data omitted]
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=gitlab.tytech.tianya.cn
issuer=/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=gitlab.tytech.tianya.cn
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 1176 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: A54CF454615D463CB5B273FC7563FFFDBF0463445B3067512AFF5E73C68D3679
    Session-ID-ctx: 
    Master-Key: 813492CE1FCF4722E15D2E8DF5EDEDBCBD4C2B97F2063BB8A7FD2A4A31DFE13B473B2B69867FF281EE0F555107873661
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    Start Time: 1487733586
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
closed

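The certificate is the PEM block printed between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines of that output.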

Add it to the trust bundle. The file is not writable even by root, so grant write permission first:

chmod u+w /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Then edit the file directly and append the certificate content to the end.

Done!
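An added example, not part of the original post: the bundle under /etc/pki/ca-trust/extracted/ is generated by update-ca-trust, so a certificate appended by hand is lost the next time the bundle is regenerated. The sketch below goes beyond the steps above by installing the certificate as a source anchor and by printing its SHA-256 fingerprint first, because a certificate fetched over the same unverified connection is only worth trusting once its fingerprint has been checked out of band. The function names, the ANCHOR_DIR variable and the sample transcript are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes CentOS/RHEL with the
# ca-certificates package; function names and sample data are illustrative.
ANCHOR_DIR=${ANCHOR_DIR:-/etc/pki/ca-trust/source/anchors}

# Print only the first PEM certificate (the server's own) found on stdin.
extract_first_pem() {
    awk '/^-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         on && /^-----END CERTIFICATE-----/ { exit }'
}

# Constructed sample of `openssl s_client -showcerts` output; the bodies are
# placeholders, not real certificates.
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
Certificate chain
 0 s:/CN=gitlab.example.test
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:/CN=Example Constructed CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
---
Verify return code: 0 (ok)
EOF
}

# Fetch the certificate, show its fingerprint, and install it only after the
# operator confirms the fingerprint matches one obtained from the server admin.
trust_server_cert() {  # usage: trust_server_cert HOST [PORT]   (run as root)
    host=$1 port=${2:-443} tmp=$(mktemp) || return 1
    openssl s_client -showcerts -servername "$host" -connect "$host:$port" \
        </dev/null 2>/dev/null | extract_first_pem >"$tmp"
    # openssl x509 fails on an empty or malformed file, so nothing bad is installed.
    openssl x509 -in "$tmp" -noout -subject -enddate -fingerprint -sha256 \
        || { rm -f "$tmp"; return 1; }
    printf 'Fingerprint verified out of band? [y/N] '
    read -r answer
    [ "$answer" = y ] || { rm -f "$tmp"; return 1; }
    install -m 0644 "$tmp" "$ANCHOR_DIR/$host.crt" && update-ca-trust extract
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Offline demo on the constructed transcript: prints the leaf certificate only.
sample_s_client_output | extract_first_pem
```

To undo the change, delete the file from the anchors directory and run `update-ca-trust extract` again.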

posted @ 2019-09-26 10:56  zw1027