把相关证书复制到服务器,然后把证书添加到受信任目录
>$ cp origin-pull-ca.pem origin-pull-ca.crt
>$ cp origin-pull-ca.crt /usr/local/share/ca-certificates/
>$ update-ca-certificates 删除证书
>$ sudo rm -f /usr/local/share/ca-certificates/origin-pull-ca.crt
>$ update-ca-certificates在nginx conf文件里面添加证书调用即可。
ssl_client_certificate /usr/local/share/ca-certificates/origin-pull-ca.crt; ssl_verify_client on;最终通过ip访问https://ip 结果显示如下,只能走域名访问,且即使知道目标源ip,绑定host文件也没用,新建slb只保留一个443端口,突然觉得有点无解了。
