卷曲证书验证失败
[英]Curl certificate verification failed
问题描述
I have installed the SSL certificates on my site and it is working in chrome and also in firefox. 
我已经在自己的网站上安装了SSL证书,并且可以在chrome和Firefox中使用。 But whenever I perform curl with my site url, I am getting the below error. 但是,每当我使用网站网址执行curl时,都会出现以下错误。
* Connected to www.example.org port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 597 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection 0
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
I have seen many questions related to this and have tried them. 我已经看到许多与此相关的问题,并已尝试过。 I have tried updating the ca-certificates in my local and the error changed from local issuer verification to what it is now. 我尝试在本地更新ca证书,并且错误从本地发行者验证更改为现在的错误。
Can anyone suggest me where I am going worng? 谁能建议我要去哪里?
1 个解决方案
解决方案1
2 已采纳 2018-05-03 08:01:17
Since you don't provide the URL to replicate the problem I can only speculate what the reason might be. 由于您不提供复制问题的URL,因此我只能推测原因。 But chances are high that your server is misconfigured and does not sent the required chain (intermediate) certificates, ie some chain certificate is missing. 但是很有可能您的服务器配置错误并且没有发送所需的链(中间)证书,即缺少某些链证书。 Desktop browsers often work around this issue but other clients will usually fail. 桌面浏览器通常可以解决此问题,但其他客户端通常会失败。
To verify my speculation check your site against SSLLabs and look out for reported chain issues. 为了验证我的推测,请对照SSLLabs检查您的网站,并注意报告的连锁问题。
Update: according to the comments of the OP at this question I was right. 更新:根据OP在这个问题上的评论,我是对的。 SSLLabs complained about "This server's certificate chain is incomplete" and also set the grade to B because of this. SSLLabs抱怨“此服务器的证书链不完整” ,因此也将等级设置为B。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.