kong - My custom SSL certificate is not working #kong
Problem description
I add a service
curl -i -X POST http://100.73.66.21:32763/services \
  --data "name=app-list4" \
  --data "url=http://100.73.66.5:3401/api/objs/App"
HTTP/1.1 201 Created
I created a certificate in Postman, because using curl was too cumbersome. It was created fine, so I list it here:
{
"key": "-----BEGIN RSA PRIVATE KEY-----\nMIICXQIBAAKBgQC3On/mFql4qCfgmuj1dTNo9VyAZ3ANVVcbvuKvnzU9mk1mbkMs\no0Se7BVzj1YLtn+dOlCDOFnEanYy7ynJ2ECJpgVLrc+IAGiiD+qwxU5q2sigNpiG\nJXyD/vZ17KmH4ibBlKIyIcdn0lrXc/XyTK7L58dfngJI5Q6WdKsGUBKqIwIDAQAB\nAoGBAIZiD1/viwgFPIoM04MDHFuEaP1738DHsIWW8Kchu2ic/Nt9TyMz86YjPHBu\n1grtJJdqJ5a2A5B9DIe6xQlW461RoTDGr2YeWSJjnrFJFJnF6YdzTvzmHRPRtYjp\nAW4yvpODixP/GHIfkHEBwCQHwz0pwxPlw+5HdQpV+lojj1jhAkEA71aJ7bYgAlwK\n282IkTNLKLe67eZaYsoTyB9VSdZNkWYb+Nm/NPSoQ/5XCdtBUkY3z7/qG6UqV9oy\nh0Ik8AJdmwJBAMP7+1i1ta3NA/To4fyT3CNCEZpBk/agMRjIpelGl+nvYvgGvpBs\n3aidlRmD/5R2QDF3Aj/4epPgXkl7ag1B8hkCQE2z3dHUKC477baQ0v65FXShucmU\n2NFr4+I78fen4MUMzpYLM52gtKRmhaGIknuAmowTNZFGHSoqh+8L1WwqiHMCQH+K\nBwq2zbF6Hp4Nw6sUKglD4KKrFHhFzU2cnePOTeQuJhDUisUAI8usKTB+px9dSO8n\nzG4G7PY46AMX7m8MQFkCQQDDj65GRVHnoYx7XRTYXBv/eNZYUvUywDQyV+cEH2st\nOft717FKUEdPt89axYw3MrBLQKblBBOboFye0iMapdKa\n-----END RSA PRIVATE KEY-----",
"cert": "-----BEGIN CERTIFICATE-----\nMIICKTCCAZICCQCujvGgt4U6rTANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJj\nbjELMAkGA1UECAwCc2gxCzAJBgNVBAcMAnNoMRIwEAYDVQQKDAlkaW5nY2xvdWQx\nDTALBgNVBAsMBHRlc3QxDTALBgNVBAMMBHJvb3QwHhcNMjEwNjE3MDk1MDU4WhcN\nMzEwNjE1MDk1MDU4WjBZMQswCQYDVQQGEwJjbjELMAkGA1UECAwCc2gxCzAJBgNV\nBAcMAnNoMRIwEAYDVQQKDAlkaW5nY2xvdWQxDTALBgNVBAsMBHRlc3QxDTALBgNV\nBAMMBHJvb3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALc6f+YWqXioJ+Ca\n6PV1M2j1XIBncA1VVxu+4q+fNT2aTWZuQyyjRJ7sFXOPVgu2f506UIM4WcRqdjLv\nKcnYQImmBUutz4gAaKIP6rDFTmrayKA2mIYlfIP+9nXsqYfiJsGUojIhx2fSWtdz\n9fJMrsvnx1+eAkjlDpZ0qwZQEqojAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAreMT\nCLyQIqpao2MdrlhDJ87jOsVQvsnv8LuayerqFX8FuFeIOd3nvK5/sEfdGmzOPwpx\n/DKPWDDEchkQVrri3rvIZadSV3rl3DUGeV1l6YLVhRKL4YwmRKpEDsMaAimKrdt3\ngR3+AhpIhVTjTFIu6dq2bDz0QBuEJQVGp/joVlA=\n-----END CERTIFICATE-----",
"tags":[
"server"
],
"snis":[
"testkong.com"
]
}
Now I create a route
curl -i -X POST http://100.73.66.21:32763/routes \
  --data "service.id=000aefb3-d7e1-4865-afbf-0ccb0c9f1b17" \
  --data "paths[]=/app/list/test5" \
  --data "protocols[]=https" \
  --data "name=route-test5" \
  --data "hosts[]=testkong.com"
I make an HTTPS request
curl -v --insecure -X GET https://100.73.66.21:31966/app/list/test5 \
  -H "Host: testkong.com"
Note: Unnecessary use of -X or --request, GET is already inferred.
* Trying 100.73.66.21:31966...
* TCP_NODELAY set
* Connected to 100.73.66.21 (100.73.66.21) port 31966 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Kong; OU=IT Department; CN=localhost
* start date: Oct 28 06:50:29 2021 GMT
* expire date: Jan 19 03:14:08 2038 GMT
* issuer: C=US; ST=California; L=San Francisco; O=Kong; OU=IT Department; CN=localhost
* SSL certificate verify result: self signed certificate (18), continuing anyway.
> GET /app/list/test5 HTTP/1.1
> Host: testkong.com
> User-Agent: curl/7.68.0
> Accept: */*
> NERV-USER: admin
> NERV-TOKEN: 5c593d19de9dea1dcf80c4887479e3a5
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: no-cache
< Date: Mon, 01 Nov 2021 04:56:14 GMT
< X-Kong-Upstream-Latency: 10
< X-Kong-Proxy-Latency: 1
< Via: kong/2.6.0
{
...data,its ok
}
I see that it is using the default SSL certificate. Why is my custom certificate not working?