douzhuo5671 2017-10-31 09:06

How do I perform an https request against an incomplete TLS certificate?

I'm trying to make an https request in Go against a URL which has an incomplete TLS certificate chain. Here's the relevant portion from the Qualys test tool, which shows the certificate chain is missing "Symantec Class 3 Secure Server CA - G4":

SSL report screengrab

Most browsers do cope with this, presumably because they have the Symantec cert preloaded? A simple golang example, however, will fail with the error x509: certificate signed by unknown authority

package main

import (
    "log"
    "net/http"
)

func main() {
    _, err := http.Get("https://www.example.com/")
    if err != nil {
        log.Fatal(err)
    } else {
        log.Println("Success!")
    }
}

I've notified the site in question, but is there a way I can insert the missing certificate into the certificate store Go is using?

1 answer

  • doushen9863 2017-10-31 10:02

    To resolve this, I just updated the system certificate store on the client to include the missing intermediate certificate.

    The client was running on an Ubuntu-based server, so this fixed the issue:

    #download certificate
    cd /usr/local/share/ca-certificates
    curl -O https://symantec.tbs-certificats.com/SymantecSSG4.crt
    
    #dump the fingerprint
    openssl x509 -noout -fingerprint -sha256 -inform pem -in SymantecSSG4.crt 
    

    I checked the output matched the fingerprint the test tool reported I was missing:

    SHA256 Fingerprint=EA:E7:2E:B4:54:BF:6C:39:77:EB:D2:89:E9:70:B2:F5:28:29:49:19:00:93:D0:D2:6F:98:D0:F0:D6:A9:CF:17
    

    Then I updated the certificate store with this:

    update-ca-certificates
    
    This answer was selected as the best answer by the asker.
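Certificates placed in the system store are treated as trust anchors, so a Go client can instead supply the missing intermediate only as a chain-building hint and still require the chain to end at a real root. The following is an added example, not code from the question or the answer: `clientConfig` and `issue` are hypothetical names, the three certificates are constructed test data, and `CertPool.Clone` needs Go 1.19 or later.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// clientConfig lets chain building use intermediates the server omitted (extra); trust must still end in roots.
func clientConfig(roots, extra *x509.CertPool) *tls.Config {
	verify := func(cs tls.ConnectionState) error {
		pool := extra.Clone()
		for _, c := range cs.PeerCertificates[1:] { // never empty on the client side
			pool.AddCert(c)
		}
		_, err := cs.PeerCertificates[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: pool, DNSName: cs.ServerName})
		return err
	}
	return &tls.Config{InsecureSkipVerify: true, VerifyConnection: verify} // built-in check off only because verify replaces it
}

// issue makes a constructed test certificate signed by parent (self-signed when parent is nil).
func issue(cn string, ca bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		IsCA: ca, BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

func main() {
	root, rk := issue("root.test", true, nil, nil)
	inter, ik := issue("intermediate.test", true, root, rk)
	leaf, _ := issue("www.example.com", false, inter, ik)
	roots, extra := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	cs := tls.ConnectionState{ServerName: "www.example.com", PeerCertificates: []*x509.Certificate{leaf}}
	fmt.Println("server chain only:", clientConfig(roots, extra).VerifyConnection(cs))
	extra.AddCert(inter)
	fmt.Println("with intermediate:", clientConfig(roots, extra).VerifyConnection(cs))
}
```

For a real client, pass the pool from `x509.SystemCertPool()` as `roots`, load the fingerprint-checked intermediate PEM into `extra` with `AppendCertsFromPEM`, and set the result as `TLSClientConfig` on an `http.Transport`.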