[GH-ISSUE #4634] Configuring SSL certificates for frp mutual TLS fails; in one-way authentication, the frp client using client.crt+client.key verified against the server's ca.crt succeeds, but the frp client using ca.crt to verify the server's server.crt+server.key fails #3660

Closed
opened 2026-05-05 14:20:57 -06:00 by gitea-mirror · 2 comments

Originally created by @Songs-YZS on GitHub (Jan 12, 2025).
Original GitHub issue: https://github.com/fatedier/frp/issues/4634

Bug Description

Configuring SSL certificates for frp mutual TLS authentication fails. In one-way authentication: the frp client using client.crt+client.key, verified against the server's ca.crt, succeeds, but the frp client using ca.crt to verify the server's server.crt+server.key fails.
Successful case:
![image](https://github.com/user-attachments/assets/8d547a37-29b7-4a71-a49d-e9269cb9c572)
Failing case:
![image](https://github.com/user-attachments/assets/ff270553-6925-4b4c-8be6-acf2d37ce49b)
But I have verified with openssl that ca.crt validates server.crt+server.key successfully:
The certificates verify without problems:
Server started with server.crt+server.key, listening on port 8080:
![image](https://github.com/user-attachments/assets/2924a4ab-05cd-4061-91fd-75e796644642)
Client using ca.crt connects to port 8080 successfully:
![image](https://github.com/user-attachments/assets/d61cddbb-c20a-4bde-8fb3-28ed5f43be18)
![image](https://github.com/user-attachments/assets/a724f312-322a-4bb4-81cf-7a72670421d3)

frpc Version

0.61.1

frps Version

0.61.1

System Architecture

Tried on both Windows and Linux platforms

Configurations

~

Logs

No response

Steps to reproduce

...

Affected area

  - [ ] Docs
  - [ ] Installation
  - [ ] Performance and Scalability
  - [ ] Security
  - [ ] User Experience
  - [ ] Test and Release
  - [ ] Developer Infrastructure
  - [ ] Client Plugin
  - [ ] Server Plugin
  - [ ] Extensions
  - [ ] Others

@github-actions[bot] commented on GitHub (Jan 27, 2025):

Issues go stale after 14d of inactivity. Stale issues rot after an additional 3d of inactivity and eventually close.


@Vekixx commented on GitHub (May 22, 2025):

  1. Generate the certificates by following https://gofrp.org/zh-cn/docs/features/common/network/network-tls/#openssl-%E7%94%9F%E6%88%90%E8%AF%81%E4%B9%A6%E7%A4%BA%E4%BE%8B

     When generating the server certificate, change `DNS:example.server.com` to `DNS:<your domain>` and `IP:127.0.0.1` to `IP:<your server IP>`.
     When generating the client certificate, change `DNS:example.client.com` to `DNS:<your domain>`.

  2. Put the certificates in an `ssl` folder next to frps/c.toml:

     your_project_folder/
     ├── frps/c.toml
     └── ssl/
         └── *.crt/*.key

  3. Adjust `docker run` / docker-compose.yml: add `-v {your_frp_folder}/ssl:/etc/frp/ssl`, or under `volumes:` add `- ./ssl:/etc/frp/ssl`.

  4. Add to frps/c.toml:

```toml
# frps.toml (server side, paths as mounted in the container)
transport.tls.certFile = "/etc/frp/ssl/server.crt"
transport.tls.keyFile = "/etc/frp/ssl/server.key"
transport.tls.trustedCaFile = "/etc/frp/ssl/ca.crt"
```

```toml
# frpc.toml (client side)
transport.tls.certFile = "./ssl/client.crt"
transport.tls.keyFile = "./ssl/client.key"
transport.tls.trustedCaFile = "./ssl/ca.crt"
```
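The step above that matters for the reporter's symptom is changing the server certificate's SAN entries to the real domain and server IP: a TLS client that trusts ca.crt still rejects server.crt when the name it dials is not covered by the certificate's SAN, while `openssl verify -CAfile ca.crt server.crt` checks only the chain and passes. The Go program below is an added example, not frp's own code (frp is written in Go and relies on the same crypto/tls verification; in frpc the dialed name is the transport.tls.serverName setting, which defaults to serverAddr): it builds a constructed CA and a server certificate whose only SAN is IP:127.0.0.1, then dials it once under a hostname the SAN does not cover and once under the IP.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)
// Handshake: a loopback TLS server presents srvDER; the client trusts only ca and checks the peer against serverName (frpc: transport.tls.serverName, default serverAddr).
func Handshake(ca *x509.Certificate, srvDER []byte, srvKey ed25519.PrivateKey, serverName string) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() { // server side: one accept, one handshake; on a SAN mismatch it ends with the client's alert
		if conn, err := ln.Accept(); err == nil {
			s := tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{srvDER}, PrivateKey: srvKey}}})
			s.Handshake()
			s.Close()
		}
	}()
	c, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, ServerName: serverName})
	if err != nil {
		return err // the chain is trusted, but the SAN does not cover serverName (x509 hostname error)
	}
	c.Close()
	return nil
}

// Demo: constructed CA and a server cert whose only SAN is IP:127.0.0.1. Chain validation (all that `openssl verify -CAfile` checks) passes for both dials.
func Demo() (mismatchErr, matchErr error) {
	now := time.Now().Add(-time.Minute)
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	srvPub, srvKey, _ := ed25519.GenerateKey(rand.Reader)
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"}, NotBefore: now, NotAfter: now.Add(2 * time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, caPub, caKey) // self-signed root
	ca, _ := x509.ParseCertificate(caDER)
	srvTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "frps"}, NotBefore: now, NotAfter: now.Add(time.Hour), IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	srvDER, _ := x509.CreateCertificate(rand.Reader, srvTmpl, ca, srvPub, caKey)
	mismatchErr = Handshake(ca, srvDER, srvKey, "example.server.com") // no DNS SAN for that name: rejected
	matchErr = Handshake(ca, srvDER, srvKey, "127.0.0.1")             // IP SAN matches: accepted
	return
}
```

The same certificate is accepted or rejected depending only on the dialed name, which is why the reporter's `openssl verify` result does not predict the frpc handshake outcome.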
Reference: github-starred/frp#3660