CurlException:[curl] 51:SSL:证书验证失败
[英]CurlException: [curl] 51: SSL: certificate verification failed
问题描述
Can't figure out what could be: 
无法弄清楚可能是什么:
In my local environment, after I updated my OSX to the last version of Yosemite, I get this error: 在我的本地环境中,在我将OSX更新到最后一个版本的Yosemite后,我收到此错误:
CurlException: [curl] 51: SSL: certificate verification failed (result: 5) [url]
I'm using Symfony2 so it is related to PHP. 我正在使用Symfony2,所以它与PHP有关。 I tried to reinstall openssl but nothing happen. 我试图重新安装openssl但没有任何反应。
Any suggestion? 有什么建议吗?
5 个解决方案
解决方案1
2 2017-04-18 20:06:39
Look at the certificate chain for whatever domain is giving you this error. 查看证书链中的任何域名都会给您出现此错误。 For me it was googleapis.com 对我来说这是googleapis.com
openssl s_client -host www.googleapis.com -port 443
You'll get back something like this: 你会得到这样的东西:
CONNECTED(00000005)
depth=1 C = US, O = Google Trust Services, CN = Google Internet Authority G3
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.googleapis.com
i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
Note: I captured this after I fixed the issue. 注意:我在修复问题后捕获了这个。 Also, your chain output will look different. 此外,您的链输出将看起来不同。
Then you need to look at the certificates allowed in php running under apache . 然后你需要查看在apache下运行的php中允许的证书。 Run phpinfo() in a page. 在页面中运行phpinfo()。
<?php echo phpinfo();
Then look for the certificate file that's loaded from the page output by searching the page for openssl.cafile : 然后通过在页面中搜索openssl.cafile来查找从页面输出加载的证书文件:
openssl.cafile openssl.cafile /usr/local/php5/ssl/certs/cacert.pem
This is the file you'll need to fix by adding the correct certificate(s) to it. 这是您需要通过向其添加正确的证书来修复的文件。
sudo nano /usr/local/php5/ssl/certs/cacert.pem
You basically need to append the correct certificate "signatures" to the end of this file. 您基本上需要将正确的证书“签名”附加到此文件的末尾。
You can find some of them here: 你可以在这里找到一些:
- https://pki.google.com/ https://pki.google.com/
- https://www.geotrust.com/resources/root-certificates/index.html https://www.geotrust.com/resources/root-certificates/index.html
They look like this: 它们看起来像这样:
( Note: This is an image so people will not simply copy/paste certificates from stackoverflow ) ( 注意:这是一个图像,所以人们不会简单地从stackoverflow复制/粘贴证书 )
If you need to convert a .crt to pem, you'll need to do something like this: 如果您需要将.crt转换为pem,则需要执行以下操作:
openssl x509 -inform DER -outform PEM -in GIAG2.crt -out GIA2.pem
Once the right certificates are in this file, restart apache and test. 一旦正确的证书在此文件中,请重新启动apache并进行测试。
解决方案2
1 已采纳 2014-08-21 10:32:00
Someone already asked a similar question, please look here: HTTPS and SSL3_GET_SERVER_CERTIFICATE:certificate verify failed, CA is OK 有人已经问过类似的问题,请看这里: HTTPS和SSL3_GET_SERVER_CERTIFICATE:证书验证失败,CA没问题
also, there is an article here: http://unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/ 另外,这里有一篇文章: http : //unitstep.net/blog/2009/05/05/using-curl-in-php-to-access-https-ssltls-protected-sites/
解决方案3
1 2017-10-23 08:41:55
Fix for this problem is to unset the value for SSL_CERT_FILE 修复此问题的方法是取消设置SSL_CERT_FILE的值
Run the command : 运行命令:
export SSL_CERT_FILE=""
And then try performing the desired actions and it will work properly. 然后尝试执行所需的操作,它将正常工作。
Reference : Curl 'certificate verification failed' on mac 参考: Mac上的卷曲'证书验证失败'
解决方案4
0 2014-08-23 07:57:37
尝试将curl从7.37.1(beta2附带)降级到7.37.0
解决方案5
0 2016-03-22 12:33:20
Add those options to ignore ceritificate: 添加这些选项以忽略ceritificate:
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ ch,CURLOPT_SSL_VERIFYHOST,0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ ch,CURLOPT_SSL_VERIFYPEER,0);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.