这里要解决两个问题:

  • Chrome导入Go*t证书
  • 命令行SSL证书验证问题

下文的通配符*请自己脑补。。(:з」∠)

Chrome命令行导入证书

不知道为啥ChromeFirefox导入证书那么简单,老是unable parse证书。。查了很多资料终于解决这个问题了,先删除~/.pki文件夹:

# sudo rm -r ~/.pki

接着创建并初始化~/.pki目录:

# mkdir -p ~/.pki/nssdb
# certutil -d ~/.pki/nssdb -N

这时候会要求你设置密码,输入两次即可,然后导入CA.crt证书到Chrome:

# certutil -d sql:~/.pki/nssdb -A -t "C,," -n Goagent -i '/home/netcan/XX-*nt-2.5.0/data/gae_proxy/CA.crt' # CA.crt地址根据情况修改

同样输入密码,然后打开Chrome,你会惊奇的发现:
Google

终于解决问题了。。

命令行代理证书问题

Linux命令行下使用代理,

# export http_proxy=127.0.0.1:8087 # Goagent代理地址
# export https_proxy=127.0.0.1:8087

然而使用Goagent代理的时候,使用https协议的话会出现证书信任问题而导致中断,例如

# git clone https://github.com/XX-*nt/XX-*nt.git
Cloning into 'XX-*nt'...
fatal: unable to access 'https://github.com/XX-*nt/XX-*nt.git/': server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

# npm install -g cordova
npm ERR! Linux 3.16.0-38-generic
npm ERR! argv "/usr/local/bin/node" "/usr/local/bin/npm" "install" "-g" "cordova"
npm ERR! node v0.12.4
npm ERR! npm  v2.10.1
npm ERR! code ECONNRESET

npm ERR! network tunneling socket could not be established, cause=connect EINVAL
npm ERR! network This is most likely not a problem with npm itself
npm ERR! network and is related to network connectivity.
npm ERR! network In most cases you are behind a proxy or have bad network settings.
npm ERR! network
npm ERR! network If you are behind a proxy, please make sure that the
npm ERR! network 'proxy' config is set properly.  See: 'npm help config'

npm ERR! Please include the following file with any support request:
npm ERR!     /tmp/npm-debug.log

解决方法:

GoagentCA.crt证书复制到/usr/share/ca-certificates下,接着执行

# sudo dpkg-reconfigure ca-certificates

在对话框中选择yes,然后按空格选中CA.crt,确定后就行了。
选中CA.crt

测试

# git clone https://github.com/XX-*nt/XX-*nt.git
Cloning into 'XX-*nt'...
remote: Counting objects: 6331, done.
remote: Compressing objects: 100% (96/96), done.
remote: Total 6331 (delta 44), reused 0 (delta 0), pack-reused 6215
Receiving objects: 100% (6331/6331), 10.63 MiB | 727.00 KiB/s, done.
Resolving deltas: 100% (3474/3474), done.
Checking connectivity... done.