我有一個我希望信任的自簽名憑證。以傳統方式添加它不起作用 - 我在瀏覽器和curl中仍然存在SSL錯誤。我還應該做什麼?費多拉 37 x64。
[aleksandr@fedora ~]$ sudo cp Downloads/localhost.pem /etc/pki/ca-trust/source/anchors/
[aleksandr@fedora ~]$ cat /etc/pki/ca-trust/source/anchors/localhost.pem
-----BEGIN CERTIFICATE-----
MIIDDDCCAfSgAwIBAgIITC1dTII92rYwDQYJKoZIhvcNAQELBQAwFDESMBAGA1UE
...
p8TMthJT6UFci8jxS/MYaQtEKbecxc9edoqN7IZKLv06ly8i5AFiEEbfzqL1HBYJ
...
bQnby+pQjSPhcpVsWzzQpA==
-----END CERTIFICATE-----
[aleksandr@fedora ~]$ sudo update-ca-trust extract
[aleksandr@fedora ~]$ cat /etc/pki/tls/certs/ca-bundle.crt | grep p8TMthJT6UFci8jxS
答案1
結果我嘗試新增的憑證不是 CA。這就是為什麼update-ca-trust什麼也沒做。這可以透過
openssl x509 -in localhost.pem -text -noout輸出進行檢查:
X509v3 基本限制:關鍵 CA:FALSE