curl: (60) SSL 证书:无法获得本地颁发者证书
[英]curl: (60) SSL certificate: unable to get local issuer certificate
问题描述
Just installed a Comodo certificate on our server, (centos 5) https works fine, the website works fine with https.
刚刚在我们的服务器上安装了 Comodo 证书,(centos 5) https 工作正常,网站使用 https 工作正常。 But one of our wordpress plugin但是我们的 wordpress 插件之一
.htaccess file contains rules to rewrite url https://example.com/w3tc_rewrite_test into https://example.com/?w3tc_rewrite_test which, if handled by plugin, return "OK" message. .htaccess文件包含将 url https://example.com/w3tc_rewrite_test重写为https://example.com/?w3tc_rewrite_test规则,如果由插件处理,则返回“OK”消息。 The plugin made a request to https://example.com/w3tc_rewrite_test but received:该插件向https://example.com/w3tc_rewrite_test发出请求,但收到了:
SSL certificate problem: unable to get local issuer certificate
instead of "OK" response.而不是“OK”响应。
executing the command: curl https://example.com results in:执行命令: curl https://example.com结果:
curl: (60) SSL certificate problem: unable to get local issuer certificate
on external server:在外部服务器上:
curl: (60) Peer certificate cannot be authenticated with known CA certificates
I already downloaded the latest ca certificates, manually pointed to the crt/pem file in php.ini all to no avail...我已经下载了最新的ca证书,手动指向php.ini中的crt/pem文件都无济于事...
Also changed the CA server certificate to the CAroot that was supplied by comodo.还将 CA 服务器证书更改为由 comodo 提供的 CAroot。
openssl s_client -connect example.com:443
CONNECTED(00000003)
28211:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
openssl s_client -tls1 -connect example.com:443
CONNECTED(00000003)
depth=0 /OU=Domain Control Validated/OU=PositiveSSL/CN=www.example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /OU=Domain Control Validated/OU=PositiveSSL/CN=www.example.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /OU=Domain Control Validated/OU=PositiveSSL/CN=www.example.com
verify error:num=21:unable to verify the first certificate
verify return:1
2 个解决方案
解决方案1
1 2015-03-04 08:12:29
Check your sites with SSLLabs for problems, especially missing chain certificates.使用SSLLabs检查您的站点是否存在问题,尤其是缺少链证书。 At least the site swedendedicated.com you mentioned (before you did the last edit) has serious problems:至少您提到的网站swedendedicated.com (在您进行最后一次编辑之前)存在严重问题:
Chain issues Incomplete
Thus it will work with most browsers which either have the missing certificate cached or will download the missing certificate.因此,它适用于大多数浏览器,这些浏览器要么缓存了丢失的证书,要么下载丢失的证书。 Non-Browsers will usually neither cache nor download missing certificates and thus will fail.非浏览器通常既不会缓存也不会下载丢失的证书,因此会失败。
The fix is to reconfigure your server to include the missing certificates.修复方法是重新配置您的服务器以包含丢失的证书。 If you have questions how to do this look at the instructions you got from your certificate provider.如果您对如何执行此操作有疑问,请查看您从证书提供商处获得的说明。 If this does not help ask at serverfault.com.如果这没有帮助,请访问 serverfault.com。
解决方案2
0 2021-06-16 20:26:20
This is a very generic issue.这是一个非常普遍的问题。 It is saying it is not able to find the intermediate certificate in the certificate store.它说它无法在证书存储中找到中间证书。 Try manually stripping out the intermediate certificate and install it.尝试手动剥离中间证书并安装它。
I faced this while working with Python requests module.我在使用 Python requests 模块时遇到了这个问题。
I was also creating a ca.pem file and putting the server certificate there(The server public key).我还在创建一个 ca.pem 文件并将服务器证书放在那里(服务器公钥)。 I put the Intermediate CA certificate with the server certificate.我将中间 CA 证书与服务器证书放在一起。 Then I got:然后我得到:
unable to find issuer certificate.无法找到颁发者证书。
I then added the root ca in the pem file and it did the trick.然后我在 pem 文件中添加了根 ca,它就成功了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.