anjia0532 edited a comment on issue #4514: URL: https://github.com/apache/apisix/issues/4514#issuecomment-872760280
I am not very familiar with this piece. The above is explained above, / etc / ssl / ceert_ca.pem is me casually selected a root certificate (Find / -Name * .pem), I found it after it According to https://letsencrypt.org/certificates/ found a ISRG_ROOT tried, I don't know how to be a public signature, (LetSencrypt should be a very common plan, theoretical You should also need to configure a trust certificate separately) What you mean, I need to sign a trust certificate with OpenSSL alone separately, I feel a bit weird, there is a parameter to ignore trust check (perhaps I should go to the OpenResty community? But I am not too Confirm is the problem of APISIX, or the problem of Apisix + Alpine, or OpenResty's question)? >我对这块不是很熟悉,上文中有解释,/etc/ssl/certs/ca-cert-GlobalSign_Root_CA.pem 是我随便选了一个根证书(find / -name *.pem),发现不行后,又根据https://letsencrypt.org/certificates/ 找了一个ISRG_Root的试了一下也不行,我不太清除为啥一个公共签署的还不被信任,(letsencrypt应该是一个很常见的方案,理论上不应该也不需要再单独配置一个信任证书) > 您的意思是,需要我针对这个证书,单独用Openssl签一个信任证书给apisix? 感觉有点怪怪的,有参数可以忽略信任校验么(或许这个问题我应该去openresty社区提问?但是我不太确认是apisix的问题,还是apisix+alpine的问题,还是openresty的问题)? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
