curl:(60) SSL证书问题:无法获取本地颁发者证书
curl:(60) SSL证书问题:无法获取本地颁发者证书
提问于 2014-07-07 21:23:05
root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
* Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.回答 17
Stack Overflow用户
发布于 2018-04-02 23:46:55
对我来说,证书的简单安装很有帮助:
sudo apt-get install ca-certificatesStack Overflow用户
发布于 2014-11-24 20:12:28
在安装Git扩展v3.48之后出现了这个问题。再次尝试安装mysysgit,但同样的问题。最后,had必须禁用(请考虑安全问题!)Git SSL验证:
git config --global http.sslVerify false但是如果你有一个域证书,最好把它添加到(Win7)
C:\Program Files (x86)\Git\bin\curl-ca-bundle.crtStack Overflow用户
发布于 2020-03-04 20:05:33
我也遇到过这个问题。我读过这个帖子,大多数答案都很丰富,但对我来说太复杂了。我在网络话题方面没有经验,所以这个答案是给像我这样的人的。
在我的例子中,发生这个错误是因为我没有在我的应用程序中使用的证书旁边包含中间证书和根证书。
下面是我从SSL证书供应商那里得到的信息:
- abc.crt
- abc.pem
- abc-bunde.crt在abc.crt文件中,只有一个证书:
-----BEGIN CERTIFICATE-----
/*certificate content here*/
-----END CERTIFICATE-----如果我以这种格式提供它,浏览器将不会显示任何错误(火狐),但当我执行curl请求时,我会得到curl: (60) SSL certificate : unable to get local issuer certificate错误。
要修复此错误,请检查您的abc-bunde.crt文件。您很可能会看到如下所示的内容:
-----BEGIN CERTIFICATE-----
/*additional certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*other certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*different certificate content here*/
-----END CERTIFICATE-----这些是您的中间证书和根证书。发生错误,因为您提供给应用程序的SSL证书中缺少它们。
要修复此错误,请将这两个文件的内容合并为以下格式:
-----BEGIN CERTIFICATE-----
/*certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*additional certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*other certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*different certificate content here*/
-----END CERTIFICATE-----请注意,证书之间、文件末尾或文件开头没有空格。一旦您将这个组合证书提供给您的应用程序,您的问题就应该得到解决。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/24611640
复制相关文章
相似问题