github-starred/frp
2
0
Fork 0
mirror of https://github.com/fatedier/frp.git synced 2026-05-15 08:05:49 -06:00
Code Issues 40 Projects Packages Wiki Activity Actions 1

[GH-ISSUE #4375] FRP 的双向验证设置应当使用相同的证书吗? #3455

New issue
Closed
opened 2026-05-05 14:13:25 -06:00 by gitea-mirror · 3 comments
gitea-mirror commented 2026-05-05 14:13:25 -06:00
Owner
Copy link

Originally created by @MironChen on GitHub (Aug 9, 2024).
Original GitHub issue: https://github.com/fatedier/frp/issues/4375

Bug Description

我在运行 frps 的VPS上使用acme.sh(via let's encrypt) 生成了 server.crt server.key 和 ca.crt (使用域名 frp.example.com)然后在本地运行的群晖 DSM里用相同的方式生成了三份证书。但在连接时提示 x509: certificate has expired or is not yet valid.

此时,VPS上的CA证书由E6签发(let's encrypt),DSM 上的证书由E5签发。

在更新两份CA均为 E5 签发后,问题消失。

frpc Version

0.59

frps Version

0.59

System Architecture

linux/amd64

Configurations

As description

Logs

No response

Steps to reproduce

No response

Originally created by @MironChen on GitHub (Aug 9, 2024). Original GitHub issue: https://github.com/fatedier/frp/issues/4375 ### Bug Description 我在运行 frps 的VPS上使用acme.sh(via let's encrypt) 生成了 server.crt server.key 和 ca.crt (使用域名 frp.example.com)然后在本地运行的群晖 DSM里用相同的方式生成了三份证书。但在连接时提示 `x509: certificate has expired or is not yet valid.` 此时,VPS上的CA证书由E6签发(let's encrypt),DSM 上的证书由E5签发。 在更新两份CA均为 E5 签发后,问题消失。 ### frpc Version 0.59 ### frps Version 0.59 ### System Architecture linux/amd64 ### Configurations As description ### Logs _No response_ ### Steps to reproduce _No response_
gitea-mirror commented 2026-05-05 14:13:27 -06:00
Author
Owner
Copy link

@xqzr commented on GitHub (Aug 10, 2024):

尝试 fullchain.cer

<!-- gh-comment-id:2282305432 --> @xqzr commented on GitHub (Aug 10, 2024): 尝试 `fullchain.cer`
gitea-mirror commented 2026-05-05 14:13:28 -06:00
Author
Owner
Copy link

@MironChen commented on GitHub (Aug 11, 2024):

# frpc.toml
transport.tls.certFile = "/to/cert/path/client.crt"
transport.tls.keyFile = "/to/key/path/client.key"
transport.tls.trustedCaFile = "/to/ca/path/ca.crt"

# frps.toml
transport.tls.certFile = "/to/cert/path/server.crt"
transport.tls.keyFile = "/to/key/path/server.key"
transport.tls.trustedCaFile = "/to/ca/path/ca.crt"

按照 frp 提供的官方文档,似乎只提供了分别使用三个文件的方法?

<!-- gh-comment-id:2282645732 --> @MironChen commented on GitHub (Aug 11, 2024): ``` # frpc.toml transport.tls.certFile = "/to/cert/path/client.crt" transport.tls.keyFile = "/to/key/path/client.key" transport.tls.trustedCaFile = "/to/ca/path/ca.crt" # frps.toml transport.tls.certFile = "/to/cert/path/server.crt" transport.tls.keyFile = "/to/key/path/server.key" transport.tls.trustedCaFile = "/to/ca/path/ca.crt" ``` 按照 frp 提供的官方文档,似乎只提供了分别使用三个文件的方法?
gitea-mirror commented 2026-05-05 14:13:29 -06:00
Author
Owner
Copy link

@fatedier commented on GitHub (Aug 12, 2024):

一般来说需要相同的 CA 签发。

<!-- gh-comment-id:2283062514 --> @fatedier commented on GitHub (Aug 12, 2024): 一般来说需要相同的 CA 签发。
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
new
master
copilot/review-pull-request-5198
v0.68.1
v0.68.0
v0.67.0
v0.66.0
v0.65.0
v0.64.0
v0.63.0
v0.62.1
v0.62.0
v0.61.2
v0.61.1
v0.61.0
v0.60.0
v0.59.0
v0.58.1
v0.58.0
v0.57.0
v0.56.0
v0.55.1
v0.55.0
v0.54.0
v0.53.2
v0.53.1
v0.53.0
v0.52.3
v0.52.2
v0.52.1
v0.52.0
v0.51.3
v0.51.2
v0.51.1
v0.51.0
v0.50.0
v0.49.0
v0.48.0
v0.47.0
v0.46.1
v0.46.0
v0.45.0
v0.44.0
v0.43.0
v0.42.0
v0.41.0
v0.40.0
v0.39.1
v0.39.0
v0.38.0
v0.37.1
v0.37.0
v0.36.2
v0.36.1
v0.36.0
v0.35.1
v0.35.0
v0.34.3
v0.34.2
v0.34.1
v0.34.0
v0.33.0
v0.32.1
v0.32.0
v0.31.2
v0.31.1
v0.31.0
v0.30.0
v0.29.1
v0.29.0
v0.28.2
v0.28.1
v0.28.0
v0.27.1
v0.27.0
v0.26.0
v0.25.3
v0.25.2
v0.25.1
v0.25.0
v0.24.1
v0.24.0
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.0
v0.19.1
v0.19.0
v0.18.0
v0.17.0
v0.16.1
v0.16.0
v0.15.1
v0.15.0
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.0
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.1
v0.8.0
v0.7.0
v0.6.0
v0.5.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
In Progress

   
WIP

   
WaitingForInfo

   
bug

   
doc

   
duplicate

   
easy

   
enhancement

   
future

   
help wanted

   
invalid

   
lifecycle/stale

   
need-issue-template

   
need-usage-help

   
no plan

   
proposal

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
todo
No labels
In Progress
WIP
WaitingForInfo
bug
doc
duplicate
easy
enhancement
future
help wanted
invalid
lifecycle/stale
need-issue-template
need-usage-help
no plan
proposal
pull-request
question
todo
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/frp#3455
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?