linux curl 访问https 网站相关问题
1、Peer’s Certificate issuer is not recognized
代码如下:
[root@jiankong ~]# curl -v https://wx.87th.cn- -
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
Peer's certificate issuer is not recognized: 'CN=Encryption Everywhere DV TLS CA - G2,OU=www.digicert.com,O=DigiCert Inc,C=US'
2、SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
[root@jiankong ~]# curl https://wx.87th.cn
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
解决办法是更新本地CA证书库。
方法一:
下载http://curl.haxx.se/ca/cacert.pem 替换/etc/pki/tls/certs/ca-bundle.crt
方法二:
使用update-ca-trust 更新CA证书库。(CentOS6,属于ca-certificates包)
方法三:
解决办法是将签发该证书的私有CA公钥cacert.pem文件内容,追加到/etc/pki/tls/certs/ca-bundle.crt
Reference :
https://www.yisu.com/help/id_119.html
本文来自博客园,作者:ljymoonlight,转载请注明原文链接:https://www.cnblogs.com/ljymoonlight/p/15063847.html
posted on 2021-07-26 23:49 ljymoonlight 阅读(280) 评论(0) 编辑 收藏 举报
