linux访问https命令,SSL安全证书常见问题_Linux中使用curl命令访问https站点错误和解决方法 - 帮助文档 - 亿速云...

Linux中使用curl命令访问https站点错误和解决方法

1、Peer’s Certificate issuer is not recognized

代码如下:[root@jiankong ~]# curl -v https://wx.87th.cn- -

CAfile: /etc/pki/tls/certs/ca-bundle.crt

CApath: none

Peer's certificate issuer is not recognized: 'CN=Encryption Everywhere DV TLS CA - G2,OU=www.digicert.com,O=DigiCert Inc,C=US'

2、SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed[root@jiankong ~]# curl https://wx.87th.cn

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

解决办法是更新本地CA证书库。

方法一：

下载http://curl.haxx.se/ca/cacert.pem 替换/etc/pki/tls/certs/ca-bundle.crt

方法二：

使用update-ca-trust 更新CA证书库。(CentOS6，属于ca-certificates包)

方法三：

解决办法是将签发该证书的私有CA公钥cacert.pem文件内容，追加到/etc/pki/tls/certs/ca-bundle.crt