📌 CA Root Certificate Installation and Self-Signed Certificate Compatibility Guide (Windows / Linux / Various Languages)
This system's HTTPS interfaces use CA or self-signed certificate system.
In environments where the certificate is not trusted, the following errors may occur:
Solutions are divided into two categories:
In environments where the certificate is not trusted, the following errors may occur:
SSL certificate problem: unable to get local issuer certificate
x509: certificate signed by unknown authority
The underlying connection was closed
Certificate not trusted / handshake failure
x509: certificate signed by unknown authority
The underlying connection was closed
Certificate not trusted / handshake failure
Solutions are divided into two categories:
- ✔ Formal solution: Install CA root certificate (recommended)
- ⚠ Development solution: Ignore certificate verification (testing only)
✔ Method 1: GUI installation (recommended)
1. Download BYW dedicated certificate (Windows / Linux / all languages universal):
Download CA Root Certificate
2. Double-click the certificate file → Install certificate
Select: Current User or Local Computer (recommended)
3. Certificate store location:
Trusted Root Certification Authorities
4. Complete installation → verify success
✔ Method 2: Command line installation (administrator)
certutil -addstore root BYW-RootCA.crt
Verify:
certutil -store root
- CentOS / RHEL
- Ubuntu / Debian
cp BYW-RootCA.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust
update-ca-trust
cp BYW-RootCA.crt /usr/local/share/ca-certificates/
update-ca-certificates
update-ca-certificates
✔ Verification:
curl -k https://api.byw.bet:8680
If "Hello World" appears, it indicates success
🟦 C# / .NET
ServicePointManager.ServerCertificateValidationCallback +=
(sender, cert, chain, sslPolicyErrors) => true;
var handler = new HttpClientHandler
{
ServerCertificateCustomValidationCallback =
(message, cert, chain, errors) => true
};
var client = new HttpClient(handler);
☕ Java
HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
🟨 Node.js
NODE_TLS_REJECT_UNAUTHORIZED=0
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
🐍 Python
requests.get(url, verify=False)
urllib3.disable_warnings()
🧪 curl
curl -k https://api.byw.bet:8680
✔ Production: HTTPS certificate validation must be enabled
✔ Recommended to install CA root certificate
✔ Self-signed certificates are for testing only
❌ Not recommended to disable certificate verification or ignore SSL errors
✔ Recommended to install CA root certificate
✔ Self-signed certificates are for testing only
❌ Not recommended to disable certificate verification or ignore SSL errors
🧠 Installing CA root certificates establishes a trust chain; ignoring certificate validation bypasses security mechanisms and is for development only.