curl：（60）SSL证书问题：无法获取本地颁发者证书 root@sclrdev：/home/sclr/certs/FreshCerts#curl--ftp ssl--verbose ftp://{abc}/-u trup:trup--cacert/etc/ssl/certs/ca-certificates.crt *即将连接（）到{abc}端口21（#0） *正在尝试{abc}。。。 *已连接到{abc}（{abc}）端口21（#0）_Curl_Ssl_Openssl_Ssl Certificate_X509certificate

curl：（60）SSL证书问题：无法获取本地颁发者证书 root@sclrdev：/home/sclr/certs/FreshCerts#curl--ftp ssl--verbose ftp://{abc}/-u trup:trup--cacert/etc/ssl/certs/ca-certificates.crt *即将连接（）到{abc}端口21（#0） *正在尝试{abc}。。。 *已连接到{abc}（{abc}）端口21（#0）

curl ssl openssl

curl：（60）SSL证书问题：无法获取本地颁发者证书 root@sclrdev：/home/sclr/certs/FreshCerts#curl--ftp ssl--verbose ftp://{abc}/-u trup:trup--cacert/etc/ssl/certs/ca-certificates.crt *即将连接（）到{abc}端口21（#0） *正在尝试{abc}。。。 *已连接到{abc}（{abc}）端口21（#0）,curl,ssl,openssl,ssl-certificate,x509certificate,Curl,Ssl,Openssl,Ssl Certificate,X509certificate,它失败，因为cURL无法验证服务器提供的证书有两个选项可以让它工作：使用cURL和-k选项，该选项允许cURL建立不安全的连接，即cURL不验证证书将根CA（签署服务器证书的CA）添加到/etc/ssl/certs/CA证书。crt 您应该使用选项2，因为它是确保您连接到安全FTP服务器的选项。它失败，因为cURL无法验证服务器提供的证书有两个选项可以让它工作：使用cURL和-k选项，该选项允许cURL建立不安全的连接，即cURL不验证证书将根CA（签署服务器证书的CA）添加到/et

它失败，因为cURL无法验证服务器提供的证书

有两个选项可以让它工作：

使用cURL和

-k

选项，该选项允许cURL建立不安全的连接，即cURL不验证证书

将根CA（签署服务器证书的CA）添加到

/etc/ssl/certs/CA证书。crt

您应该使用选项2，因为它是确保您连接到安全FTP服务器的选项。

它失败，因为cURL无法验证服务器提供的证书

有两个选项可以让它工作：

使用cURL和

-k

选项，该选项允许cURL建立不安全的连接，即cURL不验证证书

将根CA（签署服务器证书的CA）添加到

/etc/ssl/certs/CA证书。crt

您应该使用选项2，因为它是确保您连接到安全FTP服务器的选项。

在windows上，我遇到了这个问题。Curl是由mysysgit安装的，因此下载并安装最新版本修复了我的问题

否则，关于如何更新您的CA证书，您可以尝试一下。在windows上，我遇到了这个问题。Curl是由mysysgit安装的，因此下载并安装最新版本修复了我的问题

否则，关于如何更新您的CA证书，您可以尝试一下。在安装Git Extensions v3.48之后，出现了这个问题。尝试再次安装mysysgit，但出现相同问题。最后，必须禁用（请考虑安全性暗示）Git SSL验证：

root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
*   Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

但如果您有域证书，最好将其添加到（Win7）

安装Git Extensions v3.48后出现此问题。尝试再次安装mysysgit，但出现相同问题。最后，必须禁用（请考虑安全性暗示）Git SSL验证：

root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
*   Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

但如果您有域证书，最好将其添加到（Win7）

我通过在cURL脚本中添加一行代码解决了这个问题：

C:\Program Files (x86)\Git\bin\curl-ca-bundle.crt

警告：这使得请求绝对不安全（请参见@YSU的回答）

我通过在cURL脚本中添加一行代码解决了这个问题：

C:\Program Files (x86)\Git\bin\curl-ca-bundle.crt

警告：这使得请求绝对不安全（请参见@YSU的回答）

与“SSL证书问题：无法获取本地颁发者证书”错误相关。需要注意的是，这适用于发送CURL请求的系统，而不是接收请求的服务器

从下载最新的cacert.pem

将以下行添加到php.ini：（如果这是共享主机，而您没有访问php.ini的权限，那么您可以将其添加到public_html中的.user.ini）

curl.cainfo=“/path/to/download/cacert.pem”

确保将路径括在双引号内

默认情况下，FastCGI进程将每300秒解析一次新文件（如果需要，您可以按照此处的建议添加两个文件来更改频率）

与“SSL证书问题：无法获取本地颁发者证书”错误相关。需要注意的是，这适用于发送CURL请求的系统，而不是接收请求的服务器

从下载最新的cacert.pem

将以下行添加到php.ini：（如果这是共享主机，而您没有访问php.ini的权限，那么您可以将其添加到public_html中的.user.ini）

curl.cainfo=“/path/to/download/cacert.pem”
确保将路径括在双引号内

默认情况下，FastCGI进程将每300秒解析一次新文件（如果需要，您可以按照此处的建议添加两个文件来更改频率）
简单解决方案：在
~/.sdkman/etc/config
中，更改
sdkman\u unsecure\u ssl=true
步骤：
nano
~/.sdkman/etc/config

将
sdkman\u unsecure\u ssl=false
更改为
sdkman\u unsecure\u ssl=true

保存并退出
简单解决方案：在
~/.sdkman/etc/config
中，更改
sdkman\u unsecure\u ssl=true
步骤：
nano
~/.sdkman/etc/config

$ cat intermediate.crt >> domain.crt

var fs = require(fs) var path = require('path') var https = require('https') var port = process.env.PORT || 8080; var app = express(); https.createServer({ key: fs.readFileSync(path.join(__dirname, './path to your private key/privkey.pem')), cert: fs.readFileSync(path.join(__dirname, './path to your certificate/cert.pem')), ca: fs.readFileSync(path.join(__dirname, './path to your CA file/chain.pem'))}, app).listen(port)

> curl -X GET "https://some.place"

CURL_CA_BUNDLE = C:\somefolder\cacert.pem

refreshenv

Network layout: |Web Server 10.x.x.x| <-> |pfSense 49.x.x.x| <-> |Open Internet|

sudo apt-get install ca-certificates

$client = new Client(env('API_HOST')); $client->setSslVerification(false);

curl --cacert mycertificate.cer -v https://www.stackoverflow.com

sudo update-ca-certificates -f

- abc.crt - abc.pem - abc-bunde.crt

-----BEGIN CERTIFICATE----- /*certificate content here*/ -----END CERTIFICATE-----

-----BEGIN CERTIFICATE----- /*additional certificate content here*/ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- /*other certificate content here*/ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- /*different certificate content here*/ -----END CERTIFICATE-----

-----BEGIN CERTIFICATE----- /*certificate content here*/ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- /*additional certificate content here*/ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- /*other certificate content here*/ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- /*different certificate content here*/ -----END CERTIFICATE-----

curl https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem curl https://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt.pem curl -v https://mydigisite.com/sign_on --cacert DigiCertCA.pem ... * subjectAltName: host "mydigisite.com" matched cert's "mydigisite.com" * issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA * SSL certificate verify ok. > GET /users/sign_in HTTP/1.1 > Host: mydigisite.com > User-Agent: curl/7.65.1 > Accept: */* ...

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);