cURL can't load https resources; NSS error -8181

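I've been trying to configure a fresh dedicated server, but ran into strange curl behaviour on CentOS 6 (and 7):

It returns

curl (60): Peer certificate cannot be authenticated with known CA certificates
It seems that curl knows nothing about the CAs installed on the current system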

# curl https://google.com --verbose
* About to connect() to google.com port 443 (#0)
*   Trying 172.217.25.174... connected
* Connected to google.com (172.217.25.174) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Remote Certificate has expired.
* NSS error -8181
* Closing connection #0
* Peer certificate cannot be authenticated with known CA certificates
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
--insecure
is not good for me

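I tried to:

  • reinstall ca-certificates
  • extract the certificates via
    update-ca-trust extract
  • download third-party CA certificates
  • and even set a
    --cacert
    option to run curl directly
But this didn't help me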

First thought - OK, a fresh OS may not have current versions of the certificates, but what if I run
yum update -y
? They should be current, shouldn't they?


I have checked previously asked questions similar to this one, and many others.

The only thing that gave me a clue was the line -
* Remote Certificate has expired.
from the verbose output of the curl run

How can Google's certificate be in an expired state? What time is it now?

Oops:

But it is now November 30, 2017

OK,

then you have to check
/etc/ntpd.conf
, and if it doesn't exist:

sudo su
echo "server 0.pool.ntp.org" > /etc/ntpd.conf && service ntpd start
and check:

# date
Thursday, 30 November 2017 14:03:35 +0000
Don't forget to set the local time, for example to UTC:

sudo mv /etc/localtime /tmp/localtime.bak
sudo ln -s /usr/share/zoneinfo/UTC /etc/localtime
Also, you can get more information about ntp configuration
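
The diagnosis above (a certificate reported as expired because the system clock is wrong) can be checked mechanically. This is an added example, not code from the original post: the function name, the sample certificate dates and the wrong clock value are constructed, and it assumes the Date header of some HTTP response is available as a rough, unauthenticated reference clock.

```python
import ssl
from email.utils import parsedate_to_datetime


def diagnose(not_before, not_after, local_epoch, http_date=None, tolerance=300):
    """Decide whether a certificate date failure points at the cert or the clock.

    not_before, not_after: validity strings in the form printed by
        `openssl x509 -noout -dates`, e.g. "Nov 14 10:00:00 2017 GMT"
    local_epoch: local system clock, seconds since the epoch
    http_date: optional Date header from any HTTP response, used as a rough,
        unauthenticated reference clock (assumption: that server's clock is sane)
    tolerance: allowed difference in seconds between local and reference clocks
    """
    start = ssl.cert_time_to_seconds(not_before)
    end = ssl.cert_time_to_seconds(not_after)
    valid_locally = start <= local_epoch <= end
    if http_date is None:
        return "valid" if valid_locally else "invalid-by-local-clock"

    reference = parsedate_to_datetime(http_date).timestamp()
    valid_by_reference = start <= reference <= end
    if not valid_by_reference:
        return "certificate-problem"      # rejected even with a sane clock
    if not valid_locally:
        return "clock-skew"               # only the local clock rejects it: fix time sync
    if abs(local_epoch - reference) > tolerance:
        return "valid-but-clock-skewed"   # accepted now, but the clock still needs fixing
    return "valid"


# Constructed sample values (not taken from the page, except the reference date,
# which mirrors the `date` output shown above).
CERT = ("Nov 14 10:00:00 2017 GMT", "Feb  6 10:00:00 2018 GMT")
REFERENCE = "Thu, 30 Nov 2017 14:03:35 GMT"
WRONG_CLOCK = ssl.cert_time_to_seconds("Jun  1 00:00:00 2019 GMT")
RIGHT_CLOCK = ssl.cert_time_to_seconds("Nov 30 14:03:40 2017 GMT")

if __name__ == "__main__":
    print(diagnose(*CERT, WRONG_CLOCK, REFERENCE))
    print(diagnose(*CERT, RIGHT_CLOCK, REFERENCE))
```

A "clock-skew" result means the CA bundle and the server certificate are fine and only time synchronisation needs fixing, which is why reinstalling certificates or passing --cacert changes nothing.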
