curl:(60)SSL证书问题:无法获取本地颁发者证书 root@sclrdev:/home/sclr/certs/FreshCerts#curl--ftp ssl--verbose ftp://{abc}/-u trup:trup--cacert/etc/ssl/certs/ca-certificates.crt *即将连接()到{abc}端口21(#0) *正在尝试{abc}。。。 *已连接到{abc}({abc})端口21(#0)
它失败,因为cURL无法验证服务器提供的证书 有两个选项可以让它工作:curl:(60)SSL证书问题:无法获取本地颁发者证书 root@sclrdev:/home/sclr/certs/FreshCerts#curl--ftp ssl--verbose ftp://{abc}/-u trup:trup--cacert/etc/ssl/certs/ca-certificates.crt *即将连接()到{abc}端口21(#0) *正在尝试{abc}。。。 *已连接到{abc}({abc})端口21(#0),curl,ssl,openssl,ssl-certificate,x509certificate,Curl,Ssl,Openssl,Ssl Certificate,X509certificate,它失败,因为cURL无法验证服务器提供的证书 有两个选项可以让它工作: 使用cURL和-k选项,该选项允许cURL建立不安全的连接,即cURL不验证证书 将根CA(签署服务器证书的CA)添加到/etc/ssl/certs/CA证书。crt 您应该使用选项2,因为它是确保您连接到安全FTP服务器的选项。它失败,因为cURL无法验证服务器提供的证书 有两个选项可以让它工作: 使用cURL和-k选项,该选项允许cURL建立不安全的连接,即cURL不验证证书 将根CA(签署服务器证书的CA)添加到/et
-k
选项,该选项允许cURL建立不安全的连接,即cURL不验证证书/etc/ssl/certs/CA证书。crt
您应该使用选项2,因为它是确保您连接到安全FTP服务器的选项。它失败,因为cURL无法验证服务器提供的证书 有两个选项可以让它工作:
-k
选项,该选项允许cURL建立不安全的连接,即cURL不验证证书/etc/ssl/certs/CA证书。crt
您应该使用选项2,因为它是确保您连接到安全FTP服务器的选项。在windows上,我遇到了这个问题。Curl是由mysysgit安装的,因此下载并安装最新版本修复了我的问题
否则,关于如何更新您的CA证书,您可以尝试一下。在windows上,我遇到了这个问题。Curl是由mysysgit安装的,因此下载并安装最新版本修复了我的问题
否则,关于如何更新您的CA证书,您可以尝试一下。在安装Git Extensions v3.48之后,出现了这个问题。尝试再次安装mysysgit,但出现相同问题。最后,必须禁用(请考虑安全性暗示)Git SSL验证:
root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
* Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
但如果您有域证书,最好将其添加到(Win7)
安装Git Extensions v3.48后出现此问题。尝试再次安装mysysgit,但出现相同问题。最后,必须禁用(请考虑安全性暗示)Git SSL验证:
root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
* Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
但如果您有域证书,最好将其添加到(Win7)
我通过在cURL脚本中添加一行代码解决了这个问题:
C:\Program Files (x86)\Git\bin\curl-ca-bundle.crt
警告:这使得请求绝对不安全(请参见@YSU的回答) 我通过在cURL脚本中添加一行代码解决了这个问题:
C:\Program Files (x86)\Git\bin\curl-ca-bundle.crt
警告:这使得请求绝对不安全(请参见@YSU的回答) 与“SSL证书问题:无法获取本地颁发者证书”错误相关。需要注意的是,这适用于发送CURL请求的系统,而不是接收请求的服务器
curl.cainfo=“/path/to/download/cacert.pem”
确保将路径括在双引号内强>与“SSL证书问题:无法获取本地颁发者证书”错误相关。需要注意的是,这适用于发送CURL请求的系统,而不是接收请求的服务器
curl.cainfo=“/path/to/download/cacert.pem”
确保将路径括在双引号内强>~/.sdkman/etc/config
中,更改sdkman\u unsecure\u ssl=true
步骤:nano
~/.sdkman/etc/config
将
sdkman\u unsecure\u ssl=false
更改为sdkman\u unsecure\u ssl=true
保存并退出简单解决方案: 在
~/.sdkman/etc/config
中,更改sdkman\u unsecure\u ssl=true
步骤:nano
~/.sdkman/etc/config
$ cat intermediate.crt >> domain.crt
var fs = require(fs)
var path = require('path')
var https = require('https')
var port = process.env.PORT || 8080;
var app = express();
https.createServer({
key: fs.readFileSync(path.join(__dirname, './path to your private key/privkey.pem')),
cert: fs.readFileSync(path.join(__dirname, './path to your certificate/cert.pem')),
ca: fs.readFileSync(path.join(__dirname, './path to your CA file/chain.pem'))}, app).listen(port)
> curl -X GET "https://some.place"
CURL_CA_BUNDLE = C:\somefolder\cacert.pem
refreshenv
Network layout: |Web Server 10.x.x.x| <-> |pfSense 49.x.x.x| <-> |Open Internet|
sudo apt-get install ca-certificates
$client = new Client(env('API_HOST'));
$client->setSslVerification(false);
curl --cacert mycertificate.cer -v https://www.stackoverflow.com
sudo update-ca-certificates -f
- abc.crt
- abc.pem
- abc-bunde.crt
-----BEGIN CERTIFICATE-----
/*certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*additional certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*other certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*different certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*additional certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*other certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*different certificate content here*/
-----END CERTIFICATE-----
curl https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
curl https://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt.pem
curl -v https://mydigisite.com/sign_on --cacert DigiCertCA.pem
...
* subjectAltName: host "mydigisite.com" matched cert's "mydigisite.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
> GET /users/sign_in HTTP/1.1
> Host: mydigisite.com
> User-Agent: curl/7.65.1
> Accept: */*
...
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);