{"id":382,"date":"2014-12-24T23:44:54","date_gmt":"2014-12-24T15:44:54","guid":{"rendered":"http:\/\/www.ipcpu.com\/?p=382"},"modified":"2014-12-24T23:44:54","modified_gmt":"2014-12-24T15:44:54","slug":"curl-https-error","status":"publish","type":"post","link":"https:\/\/c.ipcpu.com\/2014\/12\/curl-https-error\/","title":{"rendered":"Linux\u4f7f\u7528curl\u8bbf\u95eehttps\u7ad9\u70b9\u65f6\u62a5\u9519\u6c47\u603b"},"content":{"rendered":"

\u6bcf\u4e00\u79cd\u5ba2\u6237\u7aef\u5728\u5904\u7406https\u7684\u8fde\u63a5\u65f6\u90fd\u4f1a\u4f7f\u7528\u4e0d\u540c\u7684\u8bc1\u4e66\u5e93\u3002<\/p>\n

IE\u6d4f\u89c8\u5668\u548cFireFox\u6d4f\u89c8\u5668\u90fd\u53ef\u4ee5\u5728\u672c\u6d4f\u89c8\u5668\u7684\u63a7\u5236\u9762\u677f\u4e2d\u627e\u5230\u8bc1\u4e66\u7ba1\u7406\u5668\u3002<\/p>\n

\u5728\u8bc1\u4e66\u7ba1\u7406\u5668\u4e2d\u53ef\u4ee5\u81ea\u7531\u6dfb\u52a0\u3001\u5220\u9664\u6839\u8bc1\u4e66\u3002<\/p>\n

\u800clinux\u7684curl\u4f7f\u7528\u7684\u8bc1\u4e66\u5e93\u5728\u6587\u4ef6\u201c\/etc\/pki\/tls\/certs\/ca-bundle.crt\u201d\u4e2d\u3002\uff08CentOS\uff09<\/p>\n

\u4ee5\u4e0b\u662fcurl\u5728\u8bbf\u95eehttps\u7ad9\u70b9\u65f6\u5e38\u89c1\u7684\u62a5\u9519\u4fe1\u606f<\/p>\n

1.Peer's Certificate issuer is not recognized<\/h4>\n
  1. [<\/span>root@ip<\/span>-<\/span>172<\/span>-<\/span>31<\/span>-<\/span>32<\/span>-<\/span>208<\/span> nginx<\/span>]#<\/span> curl https<\/span>:<\/span>\/\/m.ipcpu.com<\/span><\/code><\/li>
  2. curl<\/span>:<\/span> <\/span>(<\/span>60<\/span>)<\/span> <\/span>Peer<\/span>'s Certificate issuer is not recognized.<\/span><\/code><\/li>
  3. More details here: http:\/\/curl.haxx.se\/docs\/sslcerts.html<\/span><\/code><\/li><\/ol><\/pre>\n
    \u6b64\u79cd\u60c5\u51b5\u591a\u53d1\u751f\u5728\u81ea\u7b7e\u540d\u7684\u8bc1\u4e66\uff0c\u62a5\u9519\u542b\u4e49\u662f\u7b7e\u53d1\u8bc1\u4e66\u673a\u6784\u672a\u7ecf\u8ba4\u8bc1\uff0c\u65e0\u6cd5\u8bc6\u522b\u3002<\/p>\n
    \u89e3\u51b3\u529e\u6cd5\u662f\u5c06\u7b7e\u53d1\u8be5\u8bc1\u4e66\u7684\u79c1\u6709CA\u516c\u94a5cacert.pem\u6587\u4ef6\u5185\u5bb9\uff0c\u8ffd\u52a0\u5230\/etc\/pki\/tls\/certs\/ca-bundle.crt\u3002<\/p>\n
    \u6211\u4eec\u5728\u8bbf\u95ee12306.cn\u8ba2\u7968\u7f51\u7ad9\u65f6\u4e5f\u62a5\u4e86\u7c7b\u4f3c\u7684\u9519\u8bef\u3002<\/p>\n
    1. [<\/span>root@ip<\/span>-<\/span>172<\/span>-<\/span>31<\/span>-<\/span>32<\/span>-<\/span>208<\/span> <\/span>~]#<\/span> curl https<\/span>:<\/span>\/\/kyfw.12306.cn\/<\/span><\/code><\/li>
    2. curl<\/span>:<\/span> <\/span>(<\/span>60<\/span>)<\/span> <\/span>Peer<\/span>'s certificate issuer has been marked as not trusted by the user.<\/span><\/code><\/li>
    3. More details here: http:\/\/curl.haxx.se\/docs\/sslcerts.html<\/span><\/code><\/li><\/ol><\/pre>\n
      2.SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed<\/h4>\n
      1. [<\/span>root@GO<\/span>-<\/span>EMAIL<\/span>-<\/span>1<\/span> aa<\/span>]#<\/span> curl  https<\/span>:<\/span>\/\/github.com\/<\/span><\/code><\/li>
      2. curl<\/span>:<\/span> <\/span>(<\/span>60<\/span>)<\/span> SSL certificate problem<\/span>,<\/span> verify that the CA cert <\/span>is<\/span> OK<\/span>.<\/span> <\/span>Details<\/span>:<\/span><\/code><\/li>
      3. error<\/span>:<\/span>14090086<\/span>:<\/span>SSL routines<\/span>:<\/span>SSL3_GET_SERVER_CERTIFICATE<\/span>:<\/span>certificate verify failed<\/span><\/code><\/li>
      4. More<\/span> details here<\/span>:<\/span> http<\/span>:<\/span>\/\/curl.haxx.se\/docs\/sslcerts.html<\/span><\/code><\/li><\/ol><\/pre>\n
        \u6b64\u95ee\u9898\u591a\u662f\u7531\u4e8e\u672c\u5730CA\u8bc1\u4e66\u5e93\u8fc7\u65e7\uff0c\u5bfc\u81f4\u65b0\u7b7e\u53d1\u8bc1\u4e66\u65e0\u6cd5\u8bc6\u522b\u3002<\/p>\n
        \u7ecf\u6392\u67e5\uff0cgithub.com\u8bc1\u4e66\u662f\u7531GTE CyberTrust Root\u7b7e\u53d1,\u73b0\u884c\u8bc1\u4e66\u65f6\u95f4\u662f\uff1a
        \u4e0d\u65e9\u4e8e(1998\/8\/13 0:29:00 GMT)
        \u4e0d\u665a\u4e8e(2018\/8\/13 23:59:00 GMT)<\/p>\n
        \u800c\u5728\u6211\u4eec\u7684Redhat5.3\u7cfb\u7edf\u4e2dca-bundle.crt\u6587\u4ef6\u53d1\u73b0\uff0cGTE CyberTrust Root\u7684\u65f6\u95f4\u5df2\u7ecf\u8fc7\u671f\u3002<\/p>\n
        1.  <\/span>Issuer<\/span>:<\/span> C<\/span>=<\/span>US<\/span>,<\/span> O<\/span>=<\/span>GTE <\/span>Corporation<\/span>,<\/span> CN<\/span>=<\/span>GTE <\/span>CyberTrust<\/span> <\/span>Root<\/span><\/code><\/li>
        2.         <\/span>Validity<\/span><\/code><\/li>
        3.             <\/span>Not<\/span> <\/span>Before<\/span>:<\/span> <\/span>Feb<\/span> <\/span>23<\/span> <\/span>23<\/span>:<\/span>01<\/span>:<\/span>00<\/span> <\/span>1996<\/span> GMT<\/span><\/code><\/li>
        4.             <\/span>Not<\/span> <\/span>After<\/span> <\/span>:<\/span> <\/span>Feb<\/span> <\/span>23<\/span> <\/span>23<\/span>:<\/span>59<\/span>:<\/span>00<\/span> <\/span>2006<\/span> GMT<\/span><\/code><\/li><\/ol><\/pre>\n
          \u89e3\u51b3\u529e\u6cd5\u662f\u66f4\u65b0\u672c\u5730CA\u8bc1\u4e66\u5e93\u3002<\/p>\n
          \u65b9\u6cd5\u4e00\uff1a
          \u4e0b\u8f7dhttp:\/\/curl.haxx.se\/ca\/cacert.pem<\/a> \u66ff\u6362\/etc\/pki\/tls\/certs\/ca-bundle.crt
          \u65b9\u6cd5\u4e8c\uff1a
          \u4f7f\u7528update-ca-trust \u66f4\u65b0CA\u8bc1\u4e66\u5e93\u3002
          \uff08CentOS6\uff0c\u5c5e\u4e8eca-certificates\u5305\uff09<\/p>\n
          3.unknown message digest algorithm<\/h4>\n
          1. [<\/span>root@WEB_YF_2<\/span>.<\/span>7<\/span> <\/span>~]#<\/span>curl https<\/span>:<\/span>\/\/www.alipay.com<\/span><\/code><\/li>
          2. curl<\/span>:<\/span> <\/span>(<\/span>35<\/span>)<\/span> error<\/span>:<\/span>0D0C50A1<\/span>:<\/span>asn1 encoding routines<\/span>:<\/span>ASN1_item_verify<\/span>:<\/span>unknown message digest algorithm<\/span><\/code><\/li><\/ol><\/pre>\n
            \u6b64\u95ee\u9898\u591a\u7531\u8bc1\u4e66\u672c\u5730openssl\u4e0d\u80fd\u8bc6\u522bSSL\u8bc1\u4e66\u7b7e\u540d\u7b97\u6cd5\u6240\u81f4\u3002
            www.alipay.com \u4f7f\u7528\u4e86SHA-256 RSA \u52a0\u5bc6\u7b97\u6cd5\u3002
            \u800copenssl\u5728OpenSSL 0.9.8o\u624d\u52a0\u5165\u6b64\u7b97\u6cd5\u3002<\/p>\n
            \u89e3\u51b3\u529e\u6cd5\u662f\u5347\u7ea7\u672c\u5730openssl\u3002<\/p>\n
            \u5728\u6211\u7684\u64cd\u4f5c\u7cfb\u7edfRedHat5.3\u4e2d,yum \u5347\u7ea7openssl\u5230openssl-0.9.8e-22.el5 \u5c31\u53ef\u4ee5\u8bc6\u522bSHA-256\u7b97\u6cd5\u3002<\/p>\n
            \u539f\u56e0\u662fRedhat\u6bcf\u6b21\u90fd\u662f\u7ed90.9.8e\u6253\u8865\u4e01\uff0c\u800c\u4e0d\u662f\u76f4\u63a5\u66f4\u6362\u7248\u672c\u3002\u5728srpm\u5305\u4e2d\u6211\u627e\u5230\u4e86\u8fd9\u4e2a\u8865\u4e01\u3002<\/p>\n
            1. Summary<\/span>:<\/span> <\/span>The<\/span> <\/span>OpenSSL<\/span> toolkit<\/span><\/code><\/li>
            2. Name<\/span>:<\/span> openssl<\/span><\/code><\/li>
            3. Version<\/span>:<\/span> <\/span>0.9<\/span>.<\/span>8e<\/span><\/code><\/li>
            4. ...<\/span><\/code><\/li>
            5. Patch89<\/span>:<\/span> openssl<\/span>-<\/span>fips<\/span>-<\/span>0.9<\/span>.<\/span>8e<\/span>-<\/span>ssl<\/span>-<\/span>sha256<\/span>.<\/span>patch<\/span><\/code><\/li><\/ol><\/pre>\n
              4.JAVA\u548cPHP\u7684\u95ee\u9898<\/h4>\n
              java\u548cphp\u90fd\u53ef\u4ee5\u7f16\u7a0b\u6765\u8bbf\u95eehttps\u7f51\u7ad9\u3002\u4f8b\u5982httpclient\u7b49\u3002<\/p>\n
              \u5176\u8c03\u7528\u7684CA\u6839\u8bc1\u4e66\u5e93\u5e76\u4e0d\u548c\u64cd\u4f5c\u7cfb\u7edf\u4e00\u81f4\u3002<\/p>\n
              JAVA\u7684CA\u6839\u8bc1\u4e66\u5e93\u662f\u5728 JRE\u7684$JAVA_HOME\/jre\/lib\/security\/cacerts
              \u8be5\u6587\u4ef6\u4f1a\u968f\u7740JRE\u7248\u672c\u7684\u5347\u7ea7\u800c\u5347\u7ea7\u3002
              \u53ef\u4ee5\u4f7f\u7528keytool\u5de5\u5177\u8fdb\u884c\u7ba1\u7406\u3002<\/p>\n
              PHP\u8fd9\u8fb9\u6211\u6ca1\u6709\u8fdb\u884c\u6d4b\u8bd5\uff0c\u4ecephp\u5b89\u88c5curl\u7ec4\u4ef6\u7684\u8fc7\u7a0b\u6765\u770b\uff0c\u6781\u6709\u53ef\u80fd\u5c31\u662f\u76f4\u63a5\u91c7\u7528\u7684\u64cd\u4f5c\u7cfb\u7edfcurl\u4e00\u76f4\u7684\u6570\u636e\u3002<\/p>\n
              \u5f53\u7136PHP\u4e5f\u63d0\u4f9b\u4e86 curl.cainfo \u53c2\u6570(php.ini)\u6765\u6307\u5b9aCA\u6839\u8bc1\u4e66\u5e93\u7684\u4f4d\u7f6e\u3002<\/p>\n
              \u53c2\u8003\u6587\u7ae0<\/h4>\n
              http:\/\/blog.csdn.net\/slvher\/article\/details\/41485311<\/a><\/p>\n
              \u6765\u81ea\u4e3a\u77e5\u7b14\u8bb0(Wiz)<\/a><\/div>\n
              \u8f6c\u8f7d\u8bf7\u6ce8\u660e\uff1aIPCPU-\u7f51\u7edc\u4e4b\u8def<\/a> » Linux\u4f7f\u7528curl\u8bbf\u95eehttps\u7ad9\u70b9\u65f6\u62a5\u9519\u6c47\u603b<\/a><\/p>","protected":false},"excerpt":{"rendered":"
              \u6bcf\u4e00\u79cd\u5ba2\u6237\u7aef\u5728\u5904\u7406https\u7684\u8fde\u63a5\u65f6\u90fd\u4f1a\u4f7f\u7528\u4e0d\u540c\u7684\u8bc1\u4e66\u5e93\u3002 IE\u6d4f\u89c8\u5668\u548cFireFox\u6d4f\u89c8\u5668\u90fd\u53ef\u4ee5\u5728\u672c\u6d4f\u89c8\u5668\u7684\u63a7\u5236\u9762\u677f\u4e2d\u627e\u5230\u8bc1\u4e66\u7ba1\u7406\u5668\u3002 \u5728\u8bc1\u4e66\u7ba1\u7406\u5668\u4e2d\u53ef\u4ee5\u81ea\u7531\u6dfb\u52a0\u3001\u5220\u9664\u6839\u8bc1\u4e66\u3002 \u800clinux\u7684curl\u4f7f\u7528\u7684\u8bc1\u4e66\u5e93\u5728\u6587\u4ef6\u201c\/etc\/pki\/tls\/certs\/ca-bundle.crt\u201d\u4e2d\u3002\uff08CentOS\uff09 \u4ee5\u4e0b\u662fcurl\u5728\u8bbf\u95eehttps\u7ad9\u70b9\u65f6\u5e38\u89c1\u7684\u62a5\u9519\u4fe1\u606f 1.Peer’s Certificate issuer is not recognized [root@ip-172-31-32-208 nginx]# curl https:\/\/m.ipcpu.comcurl: (60) Peer’s Certificate issuer is not recognized.More details here: http:\/\/curl.haxx.se\/docs\/sslcerts.html \u6b64\u79cd\u60c5\u51b5\u591a\u53d1\u751f\u5728\u81ea\u7b7e\u540d\u7684\u8bc1\u4e66\uff0c\u62a5\u9519\u542b\u4e49\u662f\u7b7e\u53d1\u8bc1\u4e66\u673a\u6784\u672a\u7ecf\u8ba4\u8bc1\uff0c\u65e0\u6cd5\u8bc6\u522b\u3002 \u89e3\u51b3\u529e\u6cd5\u662f\u5c06\u7b7e\u53d1\u8be5\u8bc1\u4e66\u7684\u79c1\u6709CA\u516c\u94a5cacert.pem\u6587\u4ef6\u5185\u5bb9\uff0c\u8ffd\u52a0\u5230\/etc\/pki\/tls\/certs\/ca-bundle.crt\u3002 \u6211\u4eec\u5728\u8bbf\u95ee12306.cn\u8ba2\u7968\u7f51\u7ad9\u65f6\u4e5f\u62a5\u4e86\u7c7b\u4f3c\u7684\u9519\u8bef\u3002 [root@ip-172-31-32-208 ~]# curl https:\/\/kyfw.12306.cn\/curl: (60) Peer’s certificate issuer has been marked as not trusted by the user.More details here: http:\/\/curl.haxx.se\/docs\/sslcerts.html 2.SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed [root@GO-EMAIL-1 aa]# curl […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[13],"tags":[29,17,8,9],"_links":{"self":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts\/382"}],"collection":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/comments?post=382"}],"version-history":[{"count":0,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/posts\/382\/revisions"}],"wp:attachment":[{"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/media?parent=382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/categories?post=382"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/c.ipcpu.com\/wp-json\/wp\/v2\/tags?post=382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}