命令行如何安装证书

分享于 

3分钟阅读

ubuntu

  繁體

问题

我可以在Firefox中导入证书,但用命令行无法做到,例如运行git push 得到:


fatal: unable to access 'https://github.com/user/repo': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none



git push命令输出,如下所示:


[master 630d087] message


 1 file changed, 93 insertions(+), 80 deletions(-)


 rewrite somefile (84%)


Counting objects: 9, done.


Delta compression using up to 4 threads.


Compressing objects: 100% (4/4), done.


Writing objects: 100% (5/5), 978 bytes | 0 bytes/s, done.


Total 5 (delta 2), reused 0 (delta 0)


To https://github.com/User/Repo.git


 851ae39..630d087 master -> master



git config --global http.sslverify false


答案1

在ubuntu中:

  • 转到/usr/local/share/ca-certificates/
  • 创建一个新文件夹
  • 将.crt文件复制到文件夹中
  • 确保权限正确(755用于文件夹,644用于文件)
  • 运行"sudo update-ca-certificates"
  • 请注意,SSL连接不再安全,因为你的学校管理员将能够拦截所有加密连接。


    答案2

    如果要将本地证书颁发机构安装为隐式信任,请将证书文件作为以.crt结尾的单个文件放入/usr/local/share/ca-certificates/,然后重新运行update-ca-certificates

    
    /usr/local/share/ca-certificates/
    
    
    
    

    复制到/usr/local/share/ca-certificates/之后,就可以更新cert的权限,并运行sudo update-ca-certificates,在输出中将看到添加的证书。


    答案3

    扩展名.crt, .pem和.cer可互换,只要更改文件扩展名,它们有相同的格式,试试这个:

    
    $ sudo cp mycert.cer /usr/share/ca-certificates/mycert.pem
    
    
    $ sudo dpkg-reconfigure ca-certificates
    
    
    $ sudo update-ca-certificates
    
    
    $ git config --global http.sslCAInfo /usr/share/ca-certificates/mycert.pem
    
    
    
    

    答案4

    
    sudo -i
    
    
    echo | openssl s_client -showcerts -servername site.example.com -connect example.com:443 2>/dev/null | awk '/-----BEGIN CERTIFICATE-----/, /-----END CERTIFICATE-----/' >> /usr/local/share/ca-certificates/ca-certificates.crt 
    
    
    update-ca-certificates
    
    
    
    

    通常site.example.comexample.com都是相同的主机名。



    COM  COMM  Comma  命令行  cer  certificates