root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
* Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
当前回答
我的方法是在旋度上加-k。 没必要把事情复杂化。
卷曲人:/ d.el。B /release/curl/date 1.20.0/binus/lynx / 64/ cubacal
其他回答
在亚马逊Linux (CentOS / Red Hat等)上,我做了以下工作来解决这个问题。首先复制cacert。Pem从http://curl.haxx.se/ca/cacert.pem下载,放在/etc/pki/ca-trust/source/anchors/目录下。执行update-ca-trust命令。
下面是来自https://serverfault.com/questions/394815/how-to-update-curl-ca-bundle-on-redhat的一句话
Curl https://curl.se/ca/cacert.pem -o /etc/pki/ca-trust/source/anchors/curl-cacert-updated。Pem && update-ca-trust
然而,由于curl被破坏,我实际上使用这个命令来下载cacert。pem文件。
Wget——no-check-certificate http://curl.haxx.se/ca/cacert.pem
另外,如果你在使用php时遇到了问题,你可能需要重新启动你的web服务器服务httpd restart for apache或service nginx restart for nginx。
它失败了,因为cURL无法验证服务器提供的证书。
有两个选项可以让它工作:
使用带-k选项的cURL,允许cURL建立不安全的连接,即cURL不验证证书。 将根CA(签署服务器证书的CA)添加到/etc/ssl/certs/ca-certificates.crt
您应该使用选项2,因为它是确保您连接到安全FTP服务器的选项。
对我来说,简单地安装证书有帮助:
sudo apt-get install ca-certificates
在windows上-如果你想从cmd运行
> curl -X GET "https://some.place"
下载cacert。pem从 https://curl.haxx.se/docs/caextract.html
永久设置环境变量:
CURL_CA_BUNDLE = C:\somefolder\cacert.pem
并通过重新打开任何您想要的cmd窗口来重新加载环境 使用旋度;如果安装了Chocolatey,您可以使用:
refreshenv
现在再试一次
故障原因: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate/replies/95548
是的,您还需要添加一个CA证书。在Node.js中添加一个代码片段以获得更清晰的视图。
var fs = require(fs)
var path = require('path')
var https = require('https')
var port = process.env.PORT || 8080;
var app = express();
https.createServer({
key: fs.readFileSync(path.join(__dirname, './path to your private key/privkey.pem')),
cert: fs.readFileSync(path.join(__dirname, './path to your certificate/cert.pem')),
ca: fs.readFileSync(path.join(__dirname, './path to your CA file/chain.pem'))}, app).listen(port)
推荐文章
- 证书验证失败:无法获得本地颁发者证书
- 当使用pip3安装包时,“Python中的ssl模块不可用”
- 如何在PHP中捕获cURL错误
- CFNetwork SSLHandshake iOS 9失败
- 加载资源:net::ERR_INSECURE_RESPONSE失败
- 无法在Windows上从/usr/local/ssl/openssl.cnf加载配置信息
- 在Bash中将输出赋给变量
- HTTPS和SSL3_GET_SERVER_CERTIFICATE:证书验证失败,CA is OK
- c#忽略证书错误?
- 如何允许本地主机上的Apache使用HTTPS ?
- 如何在Node.js内进行远程REST调用?旋度吗?
- 配置Git接受特定https远程的特定自签名服务器证书
- CMake无法找到OpenSSL库
- 如何为已安装的Ubuntu LAMP堆栈启用cURL ?
- 从PKCS12文件中提取公钥/私钥,供以后在SSH-PK-Authentication中使用
