[英]curl server certificate verification failed
我有一堆使用curl與各種服務進行通信的PHP腳本。 目前,這些服務的SSL證書之一已更新,當我嘗試從服務器的CLI進行獲取時,我的彎腰開始哭泣:
~$ curl https://example.com
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
目前,我對所有請求進行了硬編碼verify => false ,以保持腳本運行,但這不是我想要的。
我從mozilla獲得了最新的cacert文件 ,將其放在/etc/ssl/certs/ca-certificates.crt ,然后運行了成功運行的sudo update-ca-certificates (我想..)
~$ sudo update-ca-certificates
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
但是話又說回來,curl對此不太滿意,如果不通過-k標志,仍然無法獲取我的資源。
您可以使用openssl s_client命令進一步調試該問題,以便找出證書似乎確實存在的問題。
openssl s_client -showcerts -servername myservice.com -connect myservice.com:443
CurlException:[curl] 51:SSL:證書驗證失敗
[英]CurlException: [curl] 51: SSL: certificate verification failed
沒有黑客攻擊CurlException:60(cURL SSL證書驗證)
[英]Not hacking CurlException: 60 (cURL SSL Certificate Verification)
卷毛失敗,響應:mailwizz上的“無法獲取本地發行者證書”
[英]Curl failed with response: 'unable to get local issuer certificate' on mailwizz
Curl 失敗:NSS:未找到客戶端證書(未指定昵稱)-在 Centos 7
[英]Curl failed: NSS: client certificate not found (nickname not specified) - On Centos 7
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.