问题
I try to do ssl connection for my server in c. i have take this code : https://wiki.openssl.org/index.php/Simple_TLS_Server and I have generated certificate with certbot:
sudo certbot certonly --standalone
I have copy cert.pem and privkey.pem present in /etc/letsencrypt/live/MY_DOMAIN/
on my program directory.
but when I try to connect with curl, I get this error:
curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html
and my server print :
1996193792:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../ssl/record/rec_layer_s3.c:1407:SSL alert number 48
thank you for your help !
回答1:
That oversimple server does not handle a chain cert (or certs), also called intermediate, which every real CA this century requires, including LE. It is suitable only for test certs you generate yourself, or some limited environments like the intranet of a company that runs its own private CA.
Replace SSL_CTX_use_certificate_file
on the cert.pem
file with SSL_CTX_use_certificate_chain_file on the fullchain.pem
file.
Also, SSLv23*
methods have (finally!) been replaced by TLS*
methods as of 1.1.0 in 2016, although the obsolete names remain as synonyms for now.
来源:https://stackoverflow.com/questions/59038009/ssl-connection-with-tls-server-and-letsencrypt