Verify failedx509: certificate signed by unknown authority #17
Comments
|
You need to either install the CA authority certificate in your local client bundle, or implement a new option for goquic that ignores broken certificates. But honestly, there is no reason to generate broken CA certificates now that let's encrypt provides free HTTPS certs to the planet. |
|
@bharatkrishna if that works for you go ahead and close this issue for the devs, thanks! |
|
what about local testing? so i have to spin this up on a public domain and use letsencrypt to even run the server and client out of the gate? |
|
@vyrus001 You can always add a self-signed CA to the system for doing the testing. Or you can add |
|
For local testing, you can generate a self-signed certificate/key pair and add to your OS's certificate store. Detail instructions are here. You can use chrome's --host-resolver-rules option, or /etc/hosts trick, to use fake domain. |
|
Ahh, i missed the part where the client checks the OS's cert store, thanks! |
|
I created certificate and key files for quic_client & quic_server project from Chromius.( by using generate_certs.sh, CA root certificate was added into OS's root certificate store ). This pair was used succesfully. But I can't use they with goquic project because already have Verify failedx509: certificate signed by unknown authority. Where is my mistake? Thanks |
|
Hi, how can I add a InsecureSkipVerify option to the tls.Config. Would you please give me more details, Thanks! |
|
I have the same problem |
I generated self-signed cert using openssl as given in this doc.
I use this to start the server:
./server -cert=server.crt -key=server.keyWhen I run the client I get an error:
How do I make the client request work?
The text was updated successfully, but these errors were encountered: