
Verify failedx509: certificate signed by unknown authority

Open bharatkrishna opened this issue 9 years ago • 9 comments

I generated a self-signed cert using openssl as given in this doc.

I use this to start the server:

./server -cert=server.crt -key=server.key

When I run the client I get an error:

[0224/165329:VERBOSE1:quic_crypto_client_stream.cc(413)] Reasons for rejection: 2048
2016/02/24 16:53:29 Verify failedx509: certificate signed by unknown authority

How do I make the client request work?

bharatkrishna avatar Feb 25 '16 00:02 bharatkrishna

You need to either install the CA authority certificate in your local client bundle, or implement a new option for goquic that ignores broken certificates. But honestly, there is no reason to generate broken CA certificates now that Let's Encrypt provides free HTTPS certs to the planet.

https://letsencrypt.org/

gripedthumbtacks avatar Mar 04 '16 14:03 gripedthumbtacks

@bharatkrishna if that works for you go ahead and close this issue for the devs, thanks!

gripedthumbtacks avatar Mar 07 '16 12:03 gripedthumbtacks

What about local testing? So I have to spin this up on a public domain and use letsencrypt to even run the server and client out of the gate?

vyrus001 avatar May 09 '16 08:05 vyrus001

@vyrus001 You can always add a self-signed CA to the system for doing the testing. Or you can add the InsecureSkipVerify option to the tls.Config.

serialx avatar May 09 '16 08:05 serialx
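An added example (not from this thread and not goquic's own code): a third way to use tls.Config for local testing is to put the test certificate in RootCAs, which clears the "unknown authority" error while verification stays enabled, unlike InsecureSkipVerify. It uses only the Go standard library; newTestCert, trustOnly, verifyAs and the host quic.test are hypothetical names, and how a goquic client accepts a tls.Config is assumed, not shown.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newTestCert makes a throwaway self-signed cert (constructed stand-in for server.crt).
func newTestCert(host string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// trustOnly keeps verification on but makes ca the client's only trust anchor.
func trustOnly(ca *x509.Certificate, serverName string) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(ca) // for a PEM file such as server.crt: pool.AppendCertsFromPEM(data)
	return &tls.Config{RootCAs: pool, ServerName: serverName}
}

// verifyAs applies the x509 chain and hostname check that cfg implies for a TLS client.
func verifyAs(cfg *tls.Config, leaf *x509.Certificate) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: cfg.ServerName})
	return err
}

func main() {
	cert, err := newTestCert("quic.test")
	if err != nil {
		panic(err)
	}
	fmt.Println("empty pool:", verifyAs(&tls.Config{RootCAs: x509.NewCertPool()}, cert))
	fmt.Println("pinned CA: ", verifyAs(trustOnly(cert, "quic.test"), cert))
}
```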

For local testing, you can generate a self-signed certificate/key pair and add it to your OS's certificate store. Detailed instructions are here.

You can use Chrome's --host-resolver-rules option, or the /etc/hosts trick, to use a fake domain.

hodduc avatar May 09 '16 08:05 hodduc

Ahh, I missed the part where the client checks the OS's cert store, thanks!

vyrus001 avatar May 09 '16 08:05 vyrus001

I created certificate and key files for the quic_client & quic_server project from Chromium (by using generate_certs.sh; the CA root certificate was added into the OS's root certificate store). This pair was used successfully. But I can't use them with the goquic project because I already have Verify failedx509: certificate signed by unknown authority. Where is my mistake? Thanks

opaul avatar May 15 '16 22:05 opaul

Hi, how can I add an InsecureSkipVerify option to the tls.Config? Would you please give me more details? Thanks!

daiminglong avatar Oct 21 '16 07:10 daiminglong

I have the same problem

y123456yz avatar May 09 '17 09:05 y123456yz