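I am 奋斗白猫, a blogger on 靠谱客. This article, collected during recent development work, covers importing a custom root certificate on CentOS 7. I found it useful and am sharing it here for reference.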

Overview

Before the import: the cURL request to the HTTPS API fails

export TOKEN=$(cat token_file)
curl -X GET -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" https://k8sapi.example.com:6443/api/
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

After the import: the cURL request to the HTTPS API succeeds

export TOKEN=$(cat token_file)
curl -X GET -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" https://k8sapi.example.com:6443/api/
{
"kind": "APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs": [
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "10.116.68.203:6443"
}
]
}
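## You can of course also pass -k/--insecure to curl (which turns off certificate verification), or point curl at the certificate explicitly, for example
curl --cacert kubernetes_ca.crt -X GET -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" https://k8sapi.example.com:6443/api/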

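Importing a custom CA certificate (root certificate) on CentOS 7

1. Install ca-certificates

 yum -y install ca-certificates

2. Place the certificate file in /usr/share/pki/ca-trust-source/anchors

# The certificate file name ends in .crt and the content is PEM, i.e. the format with BEGIN and END lines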
ls -l /usr/share/pki/ca-trust-source/anchors
kubernetes_ca.crt

3. Update

update-ca-trust
# Once the command above has finished, /etc/ssl/certs/ca-bundle.crt and /etc/ssl/certs/ca-bundle.trust.crt contain the new custom certificate
# For example
tail -n20 /etc/ssl/certs/ca-bundle.trust.crt
# kubernetes
-----BEGIN TRUSTED CERTIFICATE-----
...
-----END TRUSTED CERTIFICATE-----
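
The checks below cover steps 2 and 3 as an added example (not part of the original article): a pre-flight test on the file before it goes into the anchors directory, and a test that update-ca-trust really merged it into ca-bundle.crt. The function names are hypothetical, and the .crt suffix rule follows the article's own note.

```bash
#!/bin/bash
# Added example, not from the original article. Text-level checks only.

# Print one line per CERTIFICATE block: the base64 body with line wrapping,
# blanks and CRs removed, so files wrapped differently still compare equal.
pem_bodies() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
        /^-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# Step 2 pre-flight for a file headed to the anchors directory.
# Returns 0 = ok, 1 = name lacks .crt, 2 = no PEM certificate, 3 = private key inside.
check_anchor() {
    case "$1" in *.crt) ;; *) return 1 ;; esac
    [ -n "$(pem_bodies "$1")" ] || return 2
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then return 3; fi
    return 0
}

# Step 3 post-check: every certificate in the anchor file must be present in
# the regenerated bundle. Compare against ca-bundle.crt (plain CERTIFICATE
# blocks); ca-bundle.trust.crt uses TRUSTED CERTIFICATE blocks whose base64
# also encodes trust settings, so bodies there will not match.
anchor_in_bundle() {
    local bundle=${2:-/etc/ssl/certs/ca-bundle.crt} bodies b
    bodies=$(pem_bodies "$1")
    [ -n "$bodies" ] || return 2
    for b in $bodies; do          # base64 has no spaces or glob characters
        pem_bodies "$bundle" | grep -qxF -e "$b" || return 1
    done
    return 0
}

# Run directly: ./check_anchor.sh /path/to/ca.crt [bundle]
if [ "$#" -ge 1 ]; then
    check_anchor "$1" || { echo "anchor file rejected (code $?)" >&2; exit 1; }
    if anchor_in_bundle "$1" "$2"; then
        echo "present in bundle"
    else
        echo "NOT in bundle; run update-ca-trust" >&2; exit 1
    fi
fi
```

A file that passes these checks is only well-formed; whether the CA should be trusted system-wide still depends on confirming its origin through a separate channel.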
