问题描述
x509:由未知机构签名的证书x509: certificate signed by unknown authority我在 Windows XP 中使用 Firefox ESR 浏览器和 Chromium 浏览器运行了相同的 GET 命令,但没有人抱怨证书问题.
I've ran the same GET command using a Firefox ESR browser and a Chromium browser, from inside the Windows XP and none of them complain about the certificate.
请注意,我的证书有效并由受信任的机构签署.
Please note that my certificate is valid and signed by a trusted authority.
我做了一些研究,我发现有些人有同样的问题,并通过使用这个忽略 TLS 验证来解决它:
I've done some research and I found out that some people had the same problem and solved it by ignoring the TLS validation using this:
import ("net/http"; "crypto/tls")
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify : true},
}
client := &http.Client{Transport: tr}
resp, err := client.Get("https://someurl:443/)
所以我将它添加到我的代码中,但它仍然无法正常工作:
So I added this to my code, but it is still not working:
// NewAPIClient - creates a new API client
func NewAPIClient() Client {
c := &APIClient{}
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkyVerify: true},
}
c.client = &http.Client{Transport: tr}
return c
}
// GetTasks - retrieves a list of tasks from the backend.
func (c *APIClient) GetTasks() ([]byte, error) {
conf := config.GetInstance()
url := fmt.Sprintf("%s/myurl", conf.GetConfig().APIUrl)
req, err := http.NewRequest(http.MethodGet, url, nil)
if err != nil {
log.WithError(err).Errorf("Error creating HTTP request")
return nil, err
}
// Add headers
req.Header.Add("Authorization", conf.GetConfig().APIToken)
req.Header.Add("Accept", "application/json")
log.Info("Retrieving tasks from the API")
resp, err := c.client.Do(req)
if err != nil {
log.WithError(err).Errorf("Error retrieving tasks from the backend")
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode != 200 {
errMsg := fmt.Sprintf("Received status: %s", resp.Status)
err = errors.New(errMsg)
log.WithError(err).Error("Error retrieving tasks from the backend")
return nil, err
}
tasks, err := ioutil.ReadAll(resp.Body)
if err != nil {
log.WithError(err).Error("Error reading tasks response body")
return nil, err
}
log.Info("The tasks were successfully retrieved")
return tasks, nil
}
是否有另一种方法可以解决此问题,而不必忽略证书验证?如果没有,我在代码中做错了什么?
Is there a another way to solve this problem, without having to ignore the certificate validation? If not, what I am doing wrong in my code?
推荐答案
Golang 使用 OS 证书存储.以下注释表示 Go 在 Windows 上使用 Windows 商店,类似于 Linux.
Golang uses the OS certificate store. The following comment indicates Go uses the Windows store on Windows, similar to Linux.
//CertGetCertificateChain 将遍历 Windows 的根存储以尝试构建经过验证的证书链
// CertGetCertificateChain will traverse Windows's root stores in an attempt to build a verified certificate chain
此注释和相关代码位于以下文件中:
This comment and the associated code is in the following file:
将服务器证书、中间 CA 证书和/或根 CA 证书添加到 Windows XP 证书存储区.您可以使用 IBM 发布的以下 Windows XP 说明:
Add the server certificate, Intermediate CA certificate and/or Root CA certificate to the Windows XP certificate store. You can use the following Windows XP instructions posted by IBM:
程序
mmcmmcGlobalSign 和 Securely 为更现代的 Windows 版本提供了类似的说明,但上面的 IBM 链接专门用于 Windows XP.下面的 Securely 文档还包括屏幕截图.
GlobalSign and Securely provide similar instructions for more modern versions of Windows but the IBM link above is specifically for Windows XP. The Securely docs below also include screen shots.
- Import and Export Certificate - Microsoft Windows
- How do I manually install the Securly SSL certificate on Windows - includes screen shots
这篇关于Golang HTTP x509:由未知权限签名的证书错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!