* 第一种方式:
可以从浏览器窗口打开证书弹窗,然后拖动下面的大一点的证书图标到任意文件夹即可,然后再key access管理里信任该证书即可;
Reference: https://www.wyr.me/post/618
* 第二种方式:
一、
❯ echo -n | openssl s_client -connect 192.168.8.28:3080
| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
Can't use SSL_get_servername
depth=0 C = US, O = localhost, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, O = localhost, CN = localhost
verify return:1
-----BEGIN CERTIFICATE----- MIIDnTCCAoWgAwIBAgIRALVj0f0qDJ8dSdW4b7O5+VcwDQYJKoZIhvcNAQELBQAw NTELMAkGA1UEBhMCVVwwwWN3gDBiBgNVHREEWzBZghF0ZWxlcG9ydC1u b2RlLWRldoIJbG9jwwww7hXFv8L5n/XXqvAMmlY5Drd7Bl0M BwDvkTnd8ucsssn8IU+A49nVhx5kaiilstM83x1D4dLexIuYbpE8dVNVKtblJbQ GC5ZhiLtezVkubW/Ggl3cD5g0ThOBh6/MBPhA2m7YhnyS3zCV66Jq1EhOvnvmc9Y CcGG4DO4xxAnNE7fDHqten4= -----END CERTIFICATE-----
二、
由于直接请求本地teleport服务报错,可以直接粘贴证书
❯ cat teleportTest.crt -----BEGIN CERTIFICATE----- MIIDnTCCAoWgAwIBAgIRALVj0f0qDJ8dSdW4b7O5+VcwDQYJKoZIhvcNAQELBQAw NTELMAkGA1UEBhMCVVwwwWN3gDBiBgNVHREEWzBZghF0ZWxlcG9ydC1u b2RlLWRldoIJbG9jwwww7hXFv8L5n/XXqvAMmlY5Drd7Bl0M BwDvkTnd8ucsssn8IU+A49nVhx5kaiilstM83x1D4dLexIuYbpE8dVNVKtblJbQ GC5ZhiLtezVkubW/Ggl3cD5g0ThOBh6/MBPhA2m7YhnyS3zCV66Jq1EhOvnvmc9Y CcGG4DO4xxAnNE7fDHqten4= -----END CERTIFICATE-----
三、导入
导入后设置为总Trust,然后提示输入密码,证书的状态就会由x变成+号了
四、再次请求,并输入"thisisunsafe"即可