root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
* Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
当前回答
在我的情况下,当我使用NodeJS设置SSl web服务器时,问题是因为我没有附加Bundle文件证书,最后我通过添加以下文件解决了这个问题:
注:代码来自aboutssl.org
var https = require('https');
var fs = require('fs');
var https_options = {
key: fs.readFileSync("/path/to/private.key"),
cert: fs.readFileSync("/path/to/your_domain_name.crt"),
ca: [
fs.readFileSync('path/to/CA_root.crt'),
fs.readFileSync('path/to/ca_bundle_certificate.crt') // this is the bundle file
]
};
https.createServer(options, function (req, res) {
res.writeHead(200);
res.end("Welcome to Node.js HTTPS Servern");
}).listen(8443)
在上面的文本中,用下面的粗体替换。
/ /私有道路。key -这是您的私钥文件的路径。
路径/ / your_domain_name。crt -输入SSL证书文件的路径。
路径/ / CA_root。crt - CA根证书文件的全路径。
path/to/ca_bundle_certificate——这是你上传的CA包文件的完整路径。
参考:https://aboutssl.org/how-to-install-ssl-certificate-on-node-js/
其他回答
这可以帮助你控制暴饮暴食:
$client = new Client(env('API_HOST'));
$client->setSslVerification(false);
测试在guzzle/guzzle 3.*
尝试在Ubuntu中重新安装curl,并使用sudo update-ca-certificates—fresh更新我的CA证书
以我为例,在我试图用cURL使用的服务上安装我的证书时出现了问题。我未能将中间证书和根证书捆绑/连接到我的域证书。一开始并没有明显的问题,因为Chrome解决了这个问题并接受了证书,尽管省略了中间证书和根证书。
在捆绑证书之后,一切都按预期工作。我捆扎成这样
$ cat intermediate.crt >> domain.crt
并对所有中间证书和根证书重复。
有这个问题,但新版本没有解决。/etc/certs有根证书,浏览器说一切正常。经过一些测试后,我从ssllabs.com得到警告,我的链是不完整的(实际上这是旧证书链,而不是新证书链)。在纠正了证书链之后,一切都很好,即使是curl。
您必须将服务器证书从cert.pem更改为fullchain.pem 我有同样的问题与Perl HTTPS守护进程: 我已经改变了: SSL_cert_file => '/etc/letsencrypt/live/mydomain/cert.pem' : SSL_cert_file => '/etc/letsencrypt/live/mydomain/fullchain.pem'
推荐文章
- HTTPS和SSL3_GET_SERVER_CERTIFICATE:证书验证失败,CA is OK
- c#忽略证书错误?
- 如何允许本地主机上的Apache使用HTTPS ?
- 如何在Node.js内进行远程REST调用?旋度吗?
- 配置Git接受特定https远程的特定自签名服务器证书
- CMake无法找到OpenSSL库
- 如何为已安装的Ubuntu LAMP堆栈启用cURL ?
- 从PKCS12文件中提取公钥/私钥,供以后在SSH-PK-Authentication中使用
- PHP获取网站URL协议- http vs https
- 为什么cURL返回错误“(23)Failed writing body”?
- 如何POST JSON数据与PHP卷曲?
- 使用curl在PHP中获取HTTP代码
- SSL握手警告:unrecognized_name错误,因为升级到Java 1.7.0
- SSL证书错误:无法获得本地颁发者证书
- "ERROR:root:code for hash md5 was not found"当使用任何hg mercurial命令时
