curl:(60) SSL证书问题:无法获得本地颁发者证书

root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
*   Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

当前回答

我本想评论Yuvik的回答，但我缺乏足够的声誉点。

当您将.crt文件导入到/usr/share/local/ca-certificates时，需要使用正确的格式。其中一些已经在前面提到过，但是还没有人提到只需要一个新的行字符，也没有人收集过清单，所以我想在这里提供一个清单。

The certificate needs to end in .crt. From Ubuntu's man page: Certificates must have a .crt extension in order to be included by update-ca-certificates Certificate files in /usr/local/share/ca-certificates can only contain one certificate Certificate files must end in a newline. update-ca-certificates will appear to work if each row contains, for example, a carriage return + a newline (as is standard in Windows), but once the certificate is appended to /etc/ssl/ca-certificates.crt, it still will not work. This specific requirement bit me as we're loading certificates from an external source.

2021-04-29 09:42:33

其他回答

是的，您还需要添加一个CA证书。在Node.js中添加一个代码片段以获得更清晰的视图。

var fs = require(fs)
var path = require('path')
var https = require('https')
var port = process.env.PORT || 8080;
var app = express();

https.createServer({
key: fs.readFileSync(path.join(__dirname, './path to your private key/privkey.pem')),
cert: fs.readFileSync(path.join(__dirname, './path to your certificate/cert.pem')),
ca: fs.readFileSync(path.join(__dirname, './path to your CA file/chain.pem'))}, app).listen(port)

2016-09-15 01:43:17

在windows上-如果你想从cmd运行

> curl -X GET "https://some.place"

下载cacert。pem从 https://curl.haxx.se/docs/caextract.html

永久设置环境变量:

CURL_CA_BUNDLE = C:\somefolder\cacert.pem

并通过重新打开任何您想要的cmd窗口来重新加载环境使用旋度;如果安装了Chocolatey，您可以使用:

refreshenv

现在再试一次

故障原因: https://laracasts.com/discuss/channels/general-discussion/curl-error-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate/replies/95548

2017-12-07 21:11:17

对我来说，简单地安装证书有帮助:

sudo apt-get install ca-certificates

2018-04-02 15:46:55

仅仅更新证书列表可能就足够了

sudo update-ca-certificates -f

update-ca-certificates是一个更新/etc/ssl/certs目录以保存SSL证书并生成ca-certificates的程序。Crt，一个连接的证书单文件列表。

2019-11-18 18:39:10

我也遇到过这个问题。我读了这篇文章，大部分答案都很有信息量，但对我来说太复杂了。我在社交话题上没有经验，所以这个答案适合像我这样的人。

在我的例子中，发生这个错误是因为我没有在应用程序中使用的证书旁边包含中间证书和根证书。

以下是我从SSL证书供应商那里得到的信息:

- abc.crt
- abc.pem
- abc-bunde.crt

在abc。CRT文件，只有一个证书:

-----BEGIN CERTIFICATE-----
/*certificate content here*/
-----END CERTIFICATE-----

如果我以这种格式提供它，浏览器将不会显示任何错误(Firefox)，但我会得到curl:(60) SSL证书:无法获得本地颁发者证书错误时，我做curl请求。

要修复此错误，请检查abc-bunde。crt文件。你很可能会看到这样的东西:

这些是您的中级证书和根证书。发生错误是因为您提供给应用程序的SSL证书中缺少它们。

要修复此错误，请以以下格式合并这两个文件的内容:

请注意，证书之间、文件的末尾或开头没有空格。一旦您向应用程序提供了这个组合证书，您的问题就会得到解决。

2020-03-04 12:05:33

curl:(60) SSL证书问题:无法获得本地颁发者证书

推荐文章

最新文章

标签