「SSL」- 常见错误汇总 @20210220
#1 Peer's certificate issuer has been marked as not trusted by the user.
错误描述:
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
错误原因:
你可能遇到这个错误了,但是可能和我的场景不太一样。我是因为上网行为管理设备闹的,主机的MAC地址没认证,被拦截了。
开始我还以为是系统CA证书过旧导致的。
解决办法:
认证一下呗,或者加个白名单。
# SSL connect error
「cURL doesn't connect to HTTPS while wget does (NSS error -12286)」
「Adding trusted root certificates to the server」
问题描述:
# ... fatal: unable to access 'https://github.com/boostorg/boost.git/': SSL connect error # curl https://github.com curl: (35) SSL connect error # curl -vvv https://github.com About to connect() to github.com port 443 (#0) Trying 13.250.177.223... connected Connected to github.com (13.250.177.223) port 443 (#0) Initializing NSS with certpath: sql:/etc/pki/nssdb CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none NSS error -12190 Closing connection #0 SSL connect error curl: (35) SSL connect error
访问curl https://www.baidu.com是正常的;使用curl -1 https://github.com是正常的。
问题原因:
NSS库的版本太久了,或者系统CA过旧。
解决办法:
#!/bin/sh # 升级nss库和CA: yum install -y nss ca-certificates update-ca-trust # 我也不知道这个有什么用
注意事项:
我并不能确定是否和CA由关系,只是说我执行了哪些操作。
