root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
*   Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

当前回答

对我来说,简单地安装证书有帮助:

sudo apt-get install ca-certificates

其他回答

以我为例,在我试图用cURL使用的服务上安装我的证书时出现了问题。我未能将中间证书和根证书捆绑/连接到我的域证书。一开始并没有明显的问题,因为Chrome解决了这个问题并接受了证书,尽管省略了中间证书和根证书。

在捆绑证书之后,一切都按预期工作。我捆扎成这样

$ cat intermediate.crt >> domain.crt

并对所有中间证书和根证书重复。

下载https://curl.haxx.se/ca/cacert.pem 下载后,将该文件移动到wamp服务器。 对于exp: D:\wamp\bin\php\ 然后在底部的php.ini文件中添加以下代码行。

curl.cainfo=“D:\wamp\bin\php\cacert.pem”

现在重新启动wamp服务器。

有这个问题,但新版本没有解决。/etc/certs有根证书,浏览器说一切正常。经过一些测试后,我从ssllabs.com得到警告,我的链是不完整的(实际上这是旧证书链,而不是新证书链)。在纠正了证书链之后,一切都很好,即使是curl。

我通过在cURL脚本中添加一行代码解决了这个问题:

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

警告:这使得请求绝对不安全(参见@YSU的回答)!

尝试在Ubuntu中重新安装curl,并使用sudo update-ca-certificates—fresh更新我的CA证书