gpt4 book ai didi

ssl - HAProxy 负载均衡器 : Peer's Certificate issuer is not recognized

转载 作者:太空宇宙 更新时间:2023-11-03 14:50:18 34 4
gpt4 key购买 nike

我刚刚使用 HAProxy 1.5.2 设置了一个负载均衡器,但 HTTPS 前端无法正常工作。

我使用 curl 向我的服务器发出如下请求: curl https://haproxy.example.com 输出如下:

curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

配置如下:

frontend https-in bind *:443 ssl crt /var/crt/mycrt.pem ca-file /var/crt/myca.crt
reqadd X-Forwarded-Proto:\ https
default_backend https-in-443

/var/crt/myca.crt 是 CA 捆绑文件。

有人可以帮助解决这个问题吗?非常感谢。

最佳答案

最后,我解决了这个问题

刚刚在 bind *:443 ssl crt/var/crt/mycrt.pem ca-file/var/crt/myca.txt 的末尾添加了“verify optional”,如下所示

引用:HAProxy: client side ssl certificates

关于ssl - HAProxy 负载均衡器 : Peer's Certificate issuer is not recognized,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34940296/

34 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com