douzhuo5671 2017-10-31 09:06

How to perform an https request against an incomplete TLS certificate?

I'm trying to make an https request in Go against a URL which has an incomplete TLS certificate chain. Here's the relevant portion from the Qualys test tool, which shows the certificate chain is missing "Symantec Class 3 Secure Server CA - G4":

SSL report screengrab

Most browsers do cope with this, presumably because they have the Symantec cert preloaded? A simple golang example, however, will fail with the error x509: certificate signed by unknown authority

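package main

import (
    "log"
    "net/http"
)

func main() {
    // Fails with "x509: certificate signed by unknown authority" when the
    // server leaves an intermediate certificate out of its chain.
    resp, err := http.Get("https://www.example.com/")
    if err != nil {
        log.Fatal(err)
    }
    defer resp.Body.Close() // release the connection
    log.Println("Success!")
}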

I've notified the site in question, but is there a way I can insert the missing certificate into the certificate store Go is using?

1 answer

  • doushen9863 2017-10-31 10:02

    To resolve this, I just updated the system certificate store on the client to include the missing intermediate certificate.

    The client was running on an Ubuntu based server, so this fixed the issue:

    #download certificate
    cd /usr/local/share/ca-certificates
    curl -O https://symantec.tbs-certificats.com/SymantecSSG4.crt
    
    #dump the fingerprint
    openssl x509 -noout -fingerprint -sha256 -inform pem -in SymantecSSG4.crt 
    

    I checked the output matched the fingerprint the test tool reported I was missing:

    SHA256 Fingerprint=EA:E7:2E:B4:54:BF:6C:39:77:EB:D2:89:E9:70:B2:F5:28:29:49:19:00:93:D0:D2:6F:98:D0:F0:D6:A9:CF:17
    

    Then I updated the certificate store with this:

    update-ca-certificates
    
    This answer was selected by the asker as the best answer.
