Heroku SSL证书验证结果:无法获取本地颁发者证书(20)
我正在尝试使用windows 8在Heroku上添加SSL证书。我指的是添加它。直到最后一步,一切都很顺利,但当我进去的时候Heroku SSL证书验证结果:无法获取本地颁发者证书(20),heroku,openssl,Heroku,Openssl,我正在尝试使用windows 8在Heroku上添加SSL证书。我指的是添加它。直到最后一步,一切都很顺利,但当我进去的时候 curl -kvI https://www.example.com 上面说 SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway. 以下是完整的输出: * Adding handle: conn: 0x606458 * Adding h
curl -kvI https://www.example.com
SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Adding handle: conn: 0x606458
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x606458) send_pipe: 1, recv_pipe: 0
* About to connect() to www.example.com port 443 (#0)
* Trying 107.21.111.209...
* Connected to www.example.com (107.21.111.209) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES128-SHA
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Heroku, Inc.; CN=*.her
okuapp.com
* start date: 2014-01-21 00:00:00 GMT
* expire date: 2017-05-19 12:00:00 GMT
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Hig
h Assurance Server CA
* SSL certificate verify result: unable to get local issuer certificate (
20), continuing anyway.
> HEAD / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: www.example.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
* Server Cowboy is not blacklisted
< Server: Cowboy
Server: Cowboy
< Connection: keep-alive
Connection: keep-alive
< X-Powered-By: Express
X-Powered-By: Express
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Date: Thu, 02 Apr 2015 05:14:25 GMT
Date: Thu, 02 Apr 2015 05:14:25 GMT
< Cache-Control: public, max-age=0
Cache-Control: public, max-age=0
< Last-Modified: Tue, 31 Mar 2015 14:21:19 GMT
Last-Modified: Tue, 31 Mar 2015 14:21:19 GMT
< Etag: W/"9e3-2781781373"
Etag: W/"9e3-2781781373"
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Content-Length: 2531
Content-Length: 2531
< Set-Cookie: connect.sid=s%3AiRH8B-WEim3II5fgpXfF1otZXeqvmdMi.ibAcnpY2ATqERWyMJ
3c%2BptFMqgQLwrFQvAoOW6zh9HM; Path=/; HttpOnly
Set-Cookie: connect.sid=s%3AiRH8B-WEim3II5fgpXfF1otZXeqvmdMi.ibAcnpY2ATqERWyMJ3c
%2BptFMqgQLwrFQvAoOW6zh9HM; Path=/; HttpOnly
< Via: 1.1 vegur
Via: 1.1 vegur
<
* Connection #0 to host www.example.com left intact
*添加句柄:conn:0x606458
*正在添加句柄:发送:0
*正在添加句柄:recv:0
*卷曲度加把手尺寸线:长度:1
*-Conn 0(0x606458)发送管道:1,接收管道:0
*即将连接()到www.example.com端口443(#0)
*正在尝试107.21.111.209。。。
*连接到www.example.com(107.21.111.209)端口443(#0)
*SSLv3,TLS握手,客户端hello(1):
*SSLv3,TLS握手,服务器hello(2):
*SSLv3,TLS握手,证书(11):
*SSLv3、TLS握手、服务器密钥交换(12):
*SSLv3,TLS握手,服务器完成(14):
*SSLv3、TLS握手、客户端密钥交换(16):
*SSLv3,TLS更改密码,客户端你好(1):
*SSLv3,TLS握手,完成(20):
*SSLv3,TLS更改密码,客户端你好(1):
*SSLv3,TLS握手,完成(20):
*使用DHE-RSA-AES128-SHA的SSL连接
*服务器证书:
*主题:C=美国;ST=加利福尼亚州;L=旧金山;O=Heroku公司。;CN=*。她
okuapp.com
*开始日期:2014-01-21 00:00:00 GMT
*截止日期:2017-05-19 12:00:00 GMT
*发行人:C=美国;O=DigiCert公司;OU=www.digicert.com;CN=数字签名集SHA2 Hig
h保证服务器CA
*SSL证书验证结果:无法获取本地颁发者证书(
20) ,但仍在继续。
>HEAD/HTTP/1.1
>用户代理:curl/7.30.0
>主持人:www.example.com
>接受:*/*
>
这里怎么了?提前感谢。您需要告诉
curlcurl -vI --cacert /etc/ssl/cert.pem
(到系统受信任根存储的确切路径因操作系统/发行版而异,因此它可能不完全是上述路径之一。)我组合了两个SSL证书,然后将其上载到heroku上。组合两个SSL证书的命令为:
cat certificate.crt gd_bundle.crt > combine.crt
它将结合
certificate.crtgd_bundle.crtcombine.crtwindows机器的capath
是什么?我正在尝试将网页从服务器下载到本地工作站,我无法使其工作。如果您使用的是Let's Encrypt,大多数软件包将生成一个fullchain.crt
文件,其中包含连接到一个文件中的叶证书和中间证书(bundle)。为什么会出现这个问题?
cat certificate.crt gd_bundle.crt > combine.crt