ssl connection with tls server and letsencrypt

一曲冷凌霜 提交于 2021-01-29 14:01:29

问题


I try to do ssl connection for my server in c. i have take this code : https://wiki.openssl.org/index.php/Simple_TLS_Server and I have generated certificate with certbot:

sudo certbot certonly --standalone

I have copy cert.pem and privkey.pem present in /etc/letsencrypt/live/MY_DOMAIN/ on my program directory. but when I try to connect with curl, I get this error:

curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html

and my server print :

1996193792:error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:../ssl/record/rec_layer_s3.c:1407:SSL alert number 48

thank you for your help !


回答1:


That oversimple server does not handle a chain cert (or certs), also called intermediate, which every real CA this century requires, including LE. It is suitable only for test certs you generate yourself, or some limited environments like the intranet of a company that runs its own private CA.

Replace SSL_CTX_use_certificate_file on the cert.pem file with SSL_CTX_use_certificate_chain_file on the fullchain.pem file.

Also, SSLv23* methods have (finally!) been replaced by TLS* methods as of 1.1.0 in 2016, although the obsolete names remain as synonyms for now.



来源:https://stackoverflow.com/questions/59038009/ssl-connection-with-tls-server-and-letsencrypt

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!