Unfortunately, I have no easy way to check it on Windows, so I'm going to use VirtualBox running on Linux here. Install vagrant, then:
$ vagrant box add laravel/homestead
$ git clone https://github.com/laravel/homestead.git
$ cd homestead
$ git checkout v7.3.0
$ bash init.sh
I've simplified Homestead.yaml a bit (you might prefer to stick with the defaults):
---
ip: "192.168.10.10"
provider: virtualbox
folders:
    - map: /home/yuri/_/la1
      to: /home/vagrant/code
sites:
    - map: homestead.test
      to: /home/vagrant/code/public
Then:
$ mkdir -p ~/_/la1/public
$ echo '<?php echo "it works";' > ~/_/la1/public/index.php
$ vagrant up
$ vagrant ssh -c 'ls /etc/nginx/sites-enabled'
homestead.test
$ vagrant ssh -c 'cat /etc/nginx/sites-enabled/homestead.test'
server {
    listen 80;
    listen 443 ssl http2;
    server_name .homestead.test;
    root "/home/vagrant/code/public";
    ...
    ssl_certificate /etc/nginx/ssl/homestead.test.crt;
    ssl_certificate_key /etc/nginx/ssl/homestead.test.key;
}
We can see it has certificates in /etc/nginx/ssl:
$ vagrant ssh -c 'ls -1 /etc/nginx/ssl'
ca.homestead.homestead.cnf
ca.homestead.homestead.crt
ca.homestead.homestead.key
ca.srl
homestead.test.cnf
homestead.test.crt
homestead.test.csr
homestead.test.key
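I tried trusting the server certificate system-wide, but it didn't work out. It appeared on the Servers tab of Firefox's Certificate Manager, but that didn't make Firefox trust it. I could probably have added an exception, but trusting the CA certificate looks like a better option. Trusting a CA certificate makes the browser trust any certificate it issues (new sites running under Homestead). So we're going to go with the CA certificate here: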
$ vagrant ssh -c 'cat /etc/nginx/ssl/ca.homestead.homestead.crt' > ca.homestead.homestead.crt
$ sudo trust anchor ca.homestead.homestead.crt
$ trust list | head -n 5
pkcs11:id=%4c%f9%25%11%e5%8d%ad%5c%2a%f3%63%b6%9e%53%c4%70%fa%90%4d%77;type=cert
    type: certificate
    label: Homestead homestead Root CA
    trust: anchor
    category: authority
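Then, I added 192.168.10.10 homestead.test to /etc/hosts, restarted Chromium, and it worked.
P.S. I'm running Chromium 65.0.3325.162 and Firefox 59.0.
Windows
Apparently, Windows doesn't have a trust utility. Under Windows there are two stores: the Local Machine and Current User certificate stores. There's no point in using the Local Machine certificate store, since we're making it work just for our current user. Then, there are substores. Two predefined ones are of most interest: the Trusted Root Certification Authorities and Intermediate Certification Authorities stores. On the command line they are commonly referred to as root and CA.
You can access Chrome's certificate manager via chrome://settings/?search=Manage%20certificates, then click Manage certificates. Of most interest are the Trusted Root Certification Authorities and Intermediate Certification Authorities tabs.
One way to manage certificates is via the command line: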
>rem list Current User > Trusted Root Certification Authorities store
>certutil.exe -store -user root
>rem list Local Machine > Intermediate Certification Authorities store
>certutil.exe -store -enterprise CA
>rem GUI version of -store command
>certutil.exe -viewstore -user CA
>rem add certificate to Current User > Trusted Root Certification Authorities store
>certutil.exe -addstore -user root path\to\file.crt
>rem delete certificate from Current User > Trusted Root Certification Authorities store by serial number
>certutil.exe -delstore -user root 03259fa1
>rem GUI version of -delstore command
>certutil.exe -viewdelstore -user CA
The results are as follows (for both the Local Machine and Current User certificate stores):
root
    homestead.test.crt
        error
    ca.homestead.homestead.crt
        appears in Trusted Root Certification Authorities tab
CA
    homestead.test.crt
        doesn't work, appears in Other People tab
    ca.homestead.homestead.crt
        doesn't work, appears in Intermediate Certification Authorities tab
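Other options are double-clicking a certificate in Explorer, importing certificates from Chrome's Certificate Manager, using the Certificates MMC snap-in (run certmgr.msc), or using CertMgr.exe.
For those who have grep installed, here's a quick way to check where the certificate is: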
>certutil.exe -store -user root | grep "homestead\|^root\|^CA" ^
& certutil.exe -store -user CA | grep "homestead\|^root\|^CA" ^
& certutil.exe -store -enterprise root | grep "homestead\|^root\|^CA" ^
& certutil.exe -store -enterprise CA | grep "homestead\|^root\|^CA"
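So, installing the CA certificate into the Current User > Trusted Root Certification Authorities store seems to be the best option. And make sure you don't forget to restart your browser.
A more in-depth explanation of how it works
In the Vagrantfile, it requires scripts/homestead.rb, then runs Homestead.configure. That's the method that configures vagrant to make all the necessary preparations.
There we can see: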
if settings.include? 'sites'
  settings["sites"].each do |site|
    # Create SSL certificate
    config.vm.provision "shell" do |s|
      s.name = "Creating Certificate: " + site["map"]
      s.path = scriptDir + "/create-certificate.sh"
      s.args = [site["map"]]
    end
    ...
    config.vm.provision "shell" do |s|
      ...
      s.path = scriptDir + "/serve-#{type}.sh"
      ...
    end
    ...
  end
end
So, these two files create the certificates and the nginx configs, respectively.
Further reading
How to make browser trust localhost SSL certificate?
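
As an added example (not part of the original answer or of the Homestead project), this script shows checks worth running before `trust anchor`, and why trusting the CA covers sites added later: a certificate issued by the CA verifies against it, while an unrelated certificate does not. It assumes `openssl` is installed; the throwaway CA, the function names and the file names are constructed for the demo.

```sh
#!/bin/sh
# Constructed sample data: a throwaway CA, a site certificate it issues, and an
# unrelated self-signed certificate. All names here are hypothetical stand-ins.
make_sample() {   # $1 = empty work directory
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Sample Root CA" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
    openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=newsite.test" -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null
    openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -out "$1/site.crt" 2>/dev/null
    openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Unrelated CA" -keyout "$1/other.key" -out "$1/other.crt" 2>/dev/null
}

# Exit status 0 only if certificate $2 chains to the CA certificate $1.
chains_to_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Prints yes or no: is $1 flagged as a CA (basicConstraints CA:TRUE)?
is_ca() {
    if openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
    then echo yes; else echo no; fi
}

# SHA-256 fingerprint, for comparing the copied file with the one inside the VM.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Pre-trust report for a CA file $1 and a site certificate $2.
report() {
    echo "CA flag:     $(is_ca "$1")"
    echo "fingerprint: $(fingerprint "$1")"
    if chains_to_ca "$1" "$2"
    then echo "site cert:   issued by this CA"
    else echo "site cert:   NOT issued by this CA"; fi
}

dir=$(mktemp -d) && make_sample "$dir" && report "$dir/ca.crt" "$dir/site.crt"
rm -rf "$dir"
```

To check the real files, copy both out of the VM and call `report ca.homestead.homestead.crt homestead.test.crt`. Whoever can read the CA's private key (ca.homestead.homestead.key in the listing above) can issue certificates the browser will accept, so treat that key as sensitive for as long as the anchor is installed.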