root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
* Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
当前回答
我本想评论Yuvik的回答,但我缺乏足够的声誉点。
当您将.crt文件导入到/usr/share/local/ca-certificates时,需要使用正确的格式。其中一些已经在前面提到过,但是还没有人提到只需要一个新的行字符,也没有人收集过清单,所以我想在这里提供一个清单。
The certificate needs to end in .crt. From Ubuntu's man page: Certificates must have a .crt extension in order to be included by update-ca-certificates Certificate files in /usr/local/share/ca-certificates can only contain one certificate Certificate files must end in a newline. update-ca-certificates will appear to work if each row contains, for example, a carriage return + a newline (as is standard in Windows), but once the certificate is appended to /etc/ssl/ca-certificates.crt, it still will not work. This specific requirement bit me as we're loading certificates from an external source.
其他回答
这可以帮助你控制暴饮暴食:
$client = new Client(env('API_HOST'));
$client->setSslVerification(false);
测试在guzzle/guzzle 3.*
在所有的ca中,我对Digicert有这个问题。我创建了一个数字文件。Pem文件,只是中间和根粘贴到一个文件。
curl https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
curl https://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt.pem
curl -v https://mydigisite.com/sign_on --cacert DigiCertCA.pem
...
* subjectAltName: host "mydigisite.com" matched cert's "mydigisite.com"
* issuer: C=US; O=DigiCert Inc; CN=DigiCert SHA2 Secure Server CA
* SSL certificate verify ok.
> GET /users/sign_in HTTP/1.1
> Host: mydigisite.com
> User-Agent: curl/7.65.1
> Accept: */*
...
Eorekan有答案,但只有我和另一个人对他的答案进行了投票。
我通过在cURL脚本中添加一行代码解决了这个问题:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
警告:这使得请求绝对不安全(参见@YSU的回答)!
它失败了,因为cURL无法验证服务器提供的证书。
有两个选项可以让它工作:
使用带-k选项的cURL,允许cURL建立不安全的连接,即cURL不验证证书。 将根CA(签署服务器证书的CA)添加到/etc/ssl/certs/ca-certificates.crt
您应该使用选项2,因为它是确保您连接到安全FTP服务器的选项。
我的方法是在旋度上加-k。 没必要把事情复杂化。
卷曲人:/ d.el。B /release/curl/date 1.20.0/binus/lynx / 64/ cubacal
推荐文章
- 如何在PHP中捕获cURL错误
- CFNetwork SSLHandshake iOS 9失败
- 加载资源:net::ERR_INSECURE_RESPONSE失败
- 无法在Windows上从/usr/local/ssl/openssl.cnf加载配置信息
- 在Bash中将输出赋给变量
- HTTPS和SSL3_GET_SERVER_CERTIFICATE:证书验证失败,CA is OK
- c#忽略证书错误?
- 如何允许本地主机上的Apache使用HTTPS ?
- 如何在Node.js内进行远程REST调用?旋度吗?
- 配置Git接受特定https远程的特定自签名服务器证书
- CMake无法找到OpenSSL库
- 如何为已安装的Ubuntu LAMP堆栈启用cURL ?
- 从PKCS12文件中提取公钥/私钥,供以后在SSH-PK-Authentication中使用
- PHP获取网站URL协议- http vs https
- 为什么cURL返回错误“(23)Failed writing body”?
