Add https self-signed certificate to the trust issue centos system

Others 2019-09-26 15:23:41 views: null

From: wiz.cn

Date: 2017-02-22

Peer's certificate issuer has been marked as not trusted by the user

View certificate information openssl

[root@localhost ~]# openssl s_client -showcerts -connect gitlab.zw.me:443
CONNECTED(00000003)
depth=0 C = US, ST = Mars, L = iTranswarp, O = iTranswarp, OU = iTranswarp, CN = gitlab.tytech.tianya.cn
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=gitlab.tytech.tianya.cn
   i:/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=gitlab.tytech.tianya.cn
-----BEGIN CERTIFICATE-----
MIICcTCCAdoCCQCfnTl2kYWHyTANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJV
UzENMAsGA1UECAwETWFyczETMBEGA1UEBwwKaVRyYW5zd2FycDETMBEGA1UECgwK
aVRyYW5zd2FycDETMBEGA1UECwwKaVRyYW5zd2FycDEgMB4GA1UEAwwXZ2l0bGFi
LnR5dGVjaC50aWFueWEuY24wHhcNMTcwMTIwMDkwMDM2WhcNMjcwMTE4MDkwMDM2
WjB9MQswCQYDVQQGEwJVUzENMAsGA1UECAwETWFyczETMBEGA1UEBwwKaVRyYW5z
d2FycDETMBEGA1UECgwKaVRyYW5zd2FycDETMBEGA1UECwwKaVRyYW5zd2FycDEg
MB4GA1UEAwwXZ2l0bGFiLnR5dGVjaC50aWFueWEuY24wgZ8wDQYJKoZIhvcNAQEB
BQADgY0AMIGJAoGBALmhKqTIwCDCweTFofvokIaFOtDdlgZeH05JIU/D6JQRpHPd
B1lthNKQ/F9hX54VobccOUIOBJ5TyUYJhrbeuCBriu17anYLyk3583sIaPrbtMU+
ay7a+OxyqQxqw9qZ1/eQkuONOIbUtGt8uYWBGP7HkKm+L3cfxesTwrrQQwChAgMB
AAEwDQYJKoZIhvcNAQEFBQADgYEAp529Hq/acXlynqYR8QUnnTdtsqTbT/nzqc4g
WP1Lc9KGT7FJCIve2qQUC9MsqF19QbXGfXWBde3krRkjGbFI1whlntPrS/Yt8h16
43jU1tsBOS4TVeDYvoRlSts/gTBJq8D7UR1UOjX1obKmbHUR1xV3WYZvpU3AkuDZ
DVtRcfI=
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=gitlab.tytech.tianya.cn
issuer=/C=US/ST=Mars/L=iTranswarp/O=iTranswarp/OU=iTranswarp/CN=gitlab.tytech.tianya.cn
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 1176 bytes and written 375 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: A54CF454615D463CB5B273FC7563FFFDBF0463445B3067512AFF5E73C68D3679
    Session-ID-ctx: 
    Master-Key: 813492CE1FCF4722E15D2E8DF5EDEDBCBD4C2B97F2063BB8A7FD2A4A31DFE13B473B2B69867FF281EE0F555107873661
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 6c d5 f5 ed 19 17 d3 d5-24 63 9c 48 62 5b 34 68   l.......$c.Hb[4h
    0010 - 5c c1 8b 4d 8e 96 e0 84-0e b2 24 44 41 45 10 36   \..M......$DAE.6
    0020 - e1 95 4c 82 33 55 3d de-ef 2d 26 a3 de ad 52 70   ..L.3U=..-&...Rp
    0030 - 04 37 77 c8 e3 24 61 39-6b 70 38 82 84 c9 ca 23   .7w..$a9kp8....#
    0040 - 81 22 a0 1d 99 16 9b 2b-64 31 a5 22 06 63 e7 55   .".....+d1.".c.U
    0050 - f5 31 06 f8 fc a8 cf b0-80 4c 45 21 e3 10 c7 a4   .1.......LE!....
    0060 - 43 8f 57 86 83 9c 84 27-17 5b 46 cb cd 12 76 57   C.W....'.[F...vW
    0070 - 50 69 30 74 00 c6 b3 5f-fa 7c 46 de 37 aa 0e 09   Pi0t..._.|F.7...
    0080 - 23 ad 27 a2 41 ce d6 24-bb 3c cf bb a2 a5 16 d5   #.'.A..$.<......
    0090 - 57 9a df 0a e0 cc dd f6-60 92 e7 f7 8f 77 a9 c0   W.......`....w..
    00a0 - cf c4 98 01 84 2e a3 c8-fa 57 5a c9 8e 7d c3 0e   .........WZ..}..

    Start Time: 1487733586
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
closed

Contents of the certificate shall:

-----BEGIN CERTIFICATE-----

MIICcTCCAdoCCQCfnTl2kYWHyTANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJV

UzENMAsGA1UECAwETWFyczETMBEGA1UEBwwKaVRyYW5zd2FycDETMBEGA1UECgwK

aVRyYW5zd2FycDETMBEGA1UECwwKaVRyYW5zd2FycDEgMB4GA1UEAwwXZ2l0bGFi

LnR5dGVjaC50aWFueWEuY24wHhcNMTcwMTIwMDkwMDM2WhcNMjcwMTE4MDkwMDM2

WjB9MQswCQYDVQQGEwJVUzENMAsGA1UECAwETWFyczETMBEGA1UEBwwKaVRyYW5z

d2FycDETMBEGA1UECgwKaVRyYW5zd2FycDETMBEGA1UECwwKaVRyYW5zd2FycDEg

MB4GA1UEAwwXZ2l0bGFiLnR5dGVjaC50aWFueWEuY24wgZ8wDQYJKoZIhvcNAQEB

BQADgY0AMIGJAoGBALmhKqTIwCDCweTFofvokIaFOtDdlgZeH05JIU/D6JQRpHPd

B1lthNKQ/F9hX54VobccOUIOBJ5TyUYJhrbeuCBriu17anYLyk3583sIaPrbtMU+

ay7a+OxyqQxqw9qZ1/eQkuONOIbUtGt8uYWBGP7HkKm+L3cfxesTwrrQQwChAgMB

AAEwDQYJKoZIhvcNAQEFBQADgYEAp529Hq/acXlynqYR8QUnnTdtsqTbT/nzqc4g

WP1Lc9KGT7FJCIve2qQUC9MsqF19QbXGfXWBde3krRkjGbFI1whlntPrS/Yt8h16

43jU1tsBOS4TVeDYvoRlSts/gTBJq8D7UR1UOjX1obKmbHUR1xV3WYZvpU3AkuDZ

DVtRcfI=

-----END CERTIFICATE-----

Adding to the trust document, root did not write permissions to add

chmod u+w /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Then directly edit the file, add the certificate to the end of

Get!

Guess you like

Origin www.cnblogs.com/tutuye/p/11589546.html
Recommended
TIOBE May list: Fortran “resurrected” into Top 10
GCC 14.1 released
Ranking
B. Little Girl and Game【1300 / 回文字符串 博弈论】
CIKERS Shane 20190613
"Javascript advanced programming" study notes - the constructor and prototype
beeline hiveserver2 start
springboot - Automatically backup mysql data every day
Data Storage Full Solution--Detailed Persistence Technology
Detailed Explanation of Spring Web MVC DispatcherServlet—Official Original
TCP / IP protocol layers structure and function
Command type literal pos: unknown; Fallback type literal pos: unknown] with root cause
Design of multifunctional curtain controller with indoor anti-theft alarm
Daily
More
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)

Code World

© 2018 codetd.com