CURL未正确应用CA证书文件
我无法让curl验证的SSL证书。它在我的网络浏览器中运行良好。证书是由DigiCert签署的,我认为它可能没有包含在我的linux设备包中 为了尝试解决这个问题,我在CURL未正确应用CA证书文件,curl,ssl,https,Curl,Ssl,Https,我无法让curl验证的SSL证书。它在我的网络浏览器中运行良好。证书是由DigiCert签署的,我认为它可能没有包含在我的linux设备包中 为了尝试解决这个问题,我在AllCA.pem文件中从我的windows机器中提取了CA证书(可以在中看到,并告诉curl使用该证书。ssl验证仍然失败。然后,我尝试通过从浏览器查看证书链并将此证书与curl一起使用来提取DigiCert根证书。它仍然不会验证证书。这是DigiCert.pem文件 -----BEGIN CERTIFICATE----- MI
AllCA.pem-----BEGIN CERTIFICATE-----
MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL
MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
RVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm
+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW
PNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM
xChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB
Ik5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3
hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg
EsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA
FLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec
nzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z
eM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF
hS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2
Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep
+OkuE6N36B9K
-----END CERTIFICATE-----
* About to connect() to testintegrations.pentanasolutions.com port 443 (#0)
* Trying 203.25.42.36... connected
* Connected to testintegrations.pentanasolutions.com (203.25.42.36) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /Volumes/C/Users/caleb/Desktop/DigiCert2.cer
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
这很有效,我觉得很奇怪,因为
DigiCert.pem不幸的是,忘记在web服务器中配置证书链是一个非常常见的错误,因为只有当浏览器不记得以前连接中的中间证书时,验证才会失败。如果这对其他人有利,我也会遇到同样的问题,尽管根本原因是服务器端 我可以使用FileZilla客户端通过SSL连接到FTP,但使用cURL时出现上述异常。我的服务器正在运行FileZilla服务器。 经过大量调查,我发现问题在于我将FileZilla指向了我的CRT文件,但这只包含了我的证书,而不是中间的证书。通过修改CRT文件以包含两个证书的代码,一切都很好
更多信息请点击此处:(具体由Tim Kosse于2009-10-01 13:01发布).非常感谢您的帮助。通过将中间证书添加到捆绑包中,我已经能够使其正常工作。作为将来的参考,是否有一种很好的方法来查看服务器是否提供了中间证书?我正在查看chrome,但我似乎看不到这些信息,因为它只是显示了完整的证书这是firefox简化的功能还是有其他工具?
openssl s_客户端-连接主机:端口