root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
* Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
当前回答
输入这两个代码以禁用SSL证书颁发。这对我很有效 经过大量研究,我发现了这个。
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
其他回答
在窗户上我遇到了这个问题。Curl是由mysysgit安装的,所以下载并安装最新版本可以解决我的问题。
否则,这些是关于如何更新您的CA证书的不错的说明,您可以尝试。
我通过在cURL脚本中添加一行代码解决了这个问题:
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
警告:这使得请求绝对不安全(参见@YSU的回答)!
尝试在Ubuntu中重新安装curl,并使用sudo update-ca-certificates—fresh更新我的CA证书
在我的情况下,当我使用NodeJS设置SSl web服务器时,问题是因为我没有附加Bundle文件证书,最后我通过添加以下文件解决了这个问题:
注:代码来自aboutssl.org
var https = require('https');
var fs = require('fs');
var https_options = {
key: fs.readFileSync("/path/to/private.key"),
cert: fs.readFileSync("/path/to/your_domain_name.crt"),
ca: [
fs.readFileSync('path/to/CA_root.crt'),
fs.readFileSync('path/to/ca_bundle_certificate.crt') // this is the bundle file
]
};
https.createServer(options, function (req, res) {
res.writeHead(200);
res.end("Welcome to Node.js HTTPS Servern");
}).listen(8443)
在上面的文本中,用下面的粗体替换。
/ /私有道路。key -这是您的私钥文件的路径。
路径/ / your_domain_name。crt -输入SSL证书文件的路径。
路径/ / CA_root。crt - CA根证书文件的全路径。
path/to/ca_bundle_certificate——这是你上传的CA包文件的完整路径。
参考:https://aboutssl.org/how-to-install-ssl-certificate-on-node-js/
仅仅更新证书列表可能就足够了
sudo update-ca-certificates -f
update-ca-certificates是一个更新/etc/ssl/certs目录以保存SSL证书并生成ca-certificates的程序。Crt,一个连接的证书单文件列表。
推荐文章
- 证书验证失败:无法获得本地颁发者证书
- 当使用pip3安装包时,“Python中的ssl模块不可用”
- 如何在PHP中捕获cURL错误
- CFNetwork SSLHandshake iOS 9失败
- 加载资源:net::ERR_INSECURE_RESPONSE失败
- 无法在Windows上从/usr/local/ssl/openssl.cnf加载配置信息
- 在Bash中将输出赋给变量
- HTTPS和SSL3_GET_SERVER_CERTIFICATE:证书验证失败,CA is OK
- c#忽略证书错误?
- 如何允许本地主机上的Apache使用HTTPS ?
- 如何在Node.js内进行远程REST调用?旋度吗?
- 配置Git接受特定https远程的特定自签名服务器证书
- CMake无法找到OpenSSL库
- 如何为已安装的Ubuntu LAMP堆栈启用cURL ?
- 从PKCS12文件中提取公钥/私钥,供以后在SSH-PK-Authentication中使用
