root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
* Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
当前回答
下载https://curl.haxx.se/ca/cacert.pem 下载后,将该文件移动到wamp服务器。 对于exp: D:\wamp\bin\php\ 然后在底部的php.ini文件中添加以下代码行。
curl.cainfo=“D:\wamp\bin\php\cacert.pem”
现在重新启动wamp服务器。
其他回答
这是ssh证书存储问题。请先从目标CA网站下载有效的证书pem文件,再构建软链接文件指示ssl信任证书。
openssl x509 -hash -noout -in DigiCert_Global_Root_G3.pem
您将得到dd8e9d41
使用散列号构建solf链接,并以.0(点- 0)作为文件后缀
DD8E9D41.0
然后再试一次。
在windows上-如果你想从cmd运行
> curl -X GET "https://some.place"
下载cacert。pem从 https://curl.haxx.se/docs/caextract.html
永久设置环境变量:
CURL_CA_BUNDLE = C:\somefolder\cacert.pem
并通过重新打开任何您想要的cmd窗口来重新加载环境 使用旋度;如果安装了Chocolatey,您可以使用:
refreshenv
现在再试一次
故障原因: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate/replies/95548
我本想评论Yuvik的回答,但我缺乏足够的声誉点。
当您将.crt文件导入到/usr/share/local/ca-certificates时,需要使用正确的格式。其中一些已经在前面提到过,但是还没有人提到只需要一个新的行字符,也没有人收集过清单,所以我想在这里提供一个清单。
The certificate needs to end in .crt. From Ubuntu's man page: Certificates must have a .crt extension in order to be included by update-ca-certificates Certificate files in /usr/local/share/ca-certificates can only contain one certificate Certificate files must end in a newline. update-ca-certificates will appear to work if each row contains, for example, a carriage return + a newline (as is standard in Windows), but once the certificate is appended to /etc/ssl/ca-certificates.crt, it still will not work. This specific requirement bit me as we're loading certificates from an external source.
这可以帮助你控制暴饮暴食:
$client = new Client(env('API_HOST'));
$client->setSslVerification(false);
测试在guzzle/guzzle 3.*
它失败了,因为cURL无法验证服务器提供的证书。
有两个选项可以让它工作:
使用带-k选项的cURL,允许cURL建立不安全的连接,即cURL不验证证书。 将根CA(签署服务器证书的CA)添加到/etc/ssl/certs/ca-certificates.crt
您应该使用选项2,因为它是确保您连接到安全FTP服务器的选项。
推荐文章
- CMake无法找到OpenSSL库
- 如何为已安装的Ubuntu LAMP堆栈启用cURL ?
- 从PKCS12文件中提取公钥/私钥,供以后在SSH-PK-Authentication中使用
- PHP获取网站URL协议- http vs https
- 为什么cURL返回错误“(23)Failed writing body”?
- 如何POST JSON数据与PHP卷曲?
- 使用curl在PHP中获取HTTP代码
- SSL握手警告:unrecognized_name错误,因为升级到Java 1.7.0
- SSL证书错误:无法获得本地颁发者证书
- "ERROR:root:code for hash md5 was not found"当使用任何hg mercurial命令时
- 我需要做什么才能使ie8接受自签署证书?
- 使用请求包时出现SSL InsecurePlatform错误
- BEGIN RSA PRIVATE KEY与BEGIN PRIVATE KEY的区别
- 从URL执行bash脚本
- 你从哪里包含jQuery库?谷歌JSAPI吗?CDN吗?
