Linux中使用curl命令访问https站点错误和解决方法

阅读:168 2020-07-15 08:55:55

1、Peer’s Certificate issuer is not recognized


代码如下:


    [root@jiankong ~]# curl  -v  https://wx.87th.cn


*   CAfile: /etc/pki/tls/certs/ca-bundle.crt


    CApath: none


*   Peer's certificate issuer is not recognized: 'CN=Encryption Everywhere DV TLS CA - G2,OU=www.digicert.com,O=DigiCert Inc,C=US'


2、SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


   [root@jiankong ~]# curl https://wx.87th.cn


    curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:


    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


解决办法是更新本地CA证书库。


方法一:


下载http://curl.haxx.se/ca/cacert.pem 替换/etc/pki/tls/certs/ca-bundle.crt


方法二:


使用update-ca-trust 更新CA证书库。(CentOS6,属于ca-certificates包)


方法三:


解决办法是将签发该证书的私有CA公钥cacert.pem文件内容,追加到/etc/pki/tls/certs/ca-bundle.crt


相关文章
{{ v.title }}
{{ v.description||(cleanHtml(v.content)).substr(0,100)+'···' }}
你可能感兴趣
推荐阅读 更多>
推荐商标

{{ v.name }}

{{ v.cls }}类

立即购买 联系客服