是的，您还需要添加一个CA证书。在Node.js中添加一个代码片段以获得更清晰的视图。

var fs = require(fs)
var path = require('path')
var https = require('https')
var port = process.env.PORT || 8080;
var app = express();

https.createServer({
key: fs.readFileSync(path.join(__dirname, './path to your private key/privkey.pem')),
cert: fs.readFileSync(path.join(__dirname, './path to your certificate/cert.pem')),
ca: fs.readFileSync(path.join(__dirname, './path to your CA file/chain.pem'))}, app).listen(port)

简单的解决方案: 在~ /。Sdkman /etc/config, change sdkman_insecure_ssl=true

步骤: 纳米~ / .sdkman / etc /配置 将sdkman_insecure_ssl=false修改为sdkman_insecure_ssl=true 保存并退出

有这个问题，但新版本没有解决。/etc/certs有根证书，浏览器说一切正常。经过一些测试后，我从ssllabs.com得到警告，我的链是不完整的(实际上这是旧证书链，而不是新证书链)。在纠正了证书链之后，一切都很好，即使是curl。

这是ssh证书存储问题。请先从目标CA网站下载有效的证书pem文件，再构建软链接文件指示ssl信任证书。

openssl x509 -hash -noout -in DigiCert_Global_Root_G3.pem

您将得到dd8e9d41

使用散列号构建solf链接，并以.0(点- 0)作为文件后缀

DD8E9D41.0

然后再试一次。

特别对于Windows用户，使用curl-7.57.0-win64-mingw或类似版本。

这有点晚了，现有的答案是正确的。但我还是得费点劲才能让它在我的Windows电脑上运行，不过这个过程其实相当简单。所以，分享一步一步的过程。

这个错误基本上意味着，curl无法验证目标URI的证书。如果您信任证书的颁发者(CA)，则可以将其添加到受信任证书列表。

为此，浏览URI(例如在Chrome上)并遵循步骤

Right click on the secure padlock icon Click on certificate, it'll open a window with the certificate details Go to 'Certification Path' tab Click the ROOT certificate Click View Certificate, it'll open another certificate window Go to Details tab Click Copy to File, it'll open the export wizard Click Next Select 'Base-64 encoded X.509 (.CER)' Click Next Give a friendly name e.g. 'MyDomainX.cer' (browse to desired directory) Click Next Click Finish, it'll save the certificate file Now open this .cer file and copy the contents (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) Now go to the directory where curl.exe is saved e.g. C:\SomeFolder\curl-7.57.0-win64-mingw\bin Open the curl-ca-bundle.crt file with a text editor Append the copied certificate text to the end of the file. Save

现在，您的命令应该在curl中正常执行。

关于“SSL证书问题:无法获得本地颁发者证书”错误。需要注意的是，这适用于发送CURL请求的系统，而不是接收请求的服务器。

Download the latest cacert.pem from https://curl.se/ca/cacert.pem Add the '--cacert /path/to/cacert.pem' option to the curl command to tell curl where the local Certificate Authority file is. (or) Create or add to a '.curlrc' file the line: cacert = /path/to/cacert.pem See 'man curl', the section about the '-K, --config <file>' section for information about where curl looks for this file. (or if using php) Add the following line to php.ini: (if this is shared hosting and you don't have access to php.ini then you could add this to .user.ini in public_html).

卷毛。cainfo = " - path / to / downloaded cacert pem。”

请确保将路径用双引号括起来!!

默认情况下，FastCGI进程将每300秒解析一次新文件(如果需要，您可以通过添加几个文件来改变频率https://ss88.uk/blog/fast-cgi-and-user-ini-files-the-new-htaccess/)。