服务器证书验证失败。 CAfile:/etc/ssl/certs/ca-certificates.crt CRLfile:none [英] server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
问题描述
我可以通过克隆项目使用ssh,但它不工作,当我克隆项目与https。
它显示以下消息错误。
服务器证书验证失败。 CAfile:/etc/ssl/certs/ca-certificates.crt CRLfile:none
TLDR:
hostname = XXX
port = 443
trust_cert_file_location =`curl-config --ca`
sudo bash -cecho -n | openssl s_client -showcerts -connect $ hostname:$ port 2> / dev / null | sed -ne' BEGIN CERTIFICATE - /,/ - END CERTIFICATE- / p'>> $ trust_cert_file_location
strong>长回答
基本原因是您的计算机不信任 >对在Gitlab服务器上使用的证书签名。这并不意味着证书是可疑的,但它可以是自签名或由不在您的操作系统的CA列表的机构/公司签名。要避免计算机上的问题,您必须采取的措施 告诉它相信该证书 - 如果您没有任何理由怀疑它。
您需要检查用于您的gitLab服务器的网络证书,并将其添加到您的< / git_installation_folder> /bin/curl-ca-bundle.crt $ <$>
export GIT_SSL_NO_VERIFY = 1
#or
git config --global http.sslverify false
但这仅适用于测试,如 SSL使用浏览器,wget和curl,但是与git 失败,或在此博客。
检查您的GitLab设置, =https://github.com/gitlabhq/gitlabhq/issues/4272>问题4272 。
要获取该证书(您需要添加到 curl-ca-bundle.crt 文件),请键入:
echo -n | openssl s_client -showcerts -connect yourserver.com:YourHttpGilabPort 2> / dev / null | sed -ne'/ -BEGIN CERTIFICATE - /,/ - END CERTIFICATE- / p'
' yourserver.com '是您的GitLab服务器名称)
要检查CA(证书颁发机构颁发者) a:
echo -n | openssl s_client -showcerts -connect yourserver.com:YourHttpGilabPort 2> / dev / null | sed -ne'/ -BEGIN CERTIFICATE - /,/ - END CERTIFICATE- / p'| openssl x509 -noout -text | grepCA Issuers| head -1
Findekano 添加了中输入certs-ca-certificates-c / 21181447#comment35339408_21181447>:
c $ c> curl-ca-bundle.crt ,您可以使用命令
curl-config --ca
I can push by clone project using ssh, but it doesn't work when I clone project with https. it shows message error as below.
server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
TLDR:
hostname=XXX
port=443
trust_cert_file_location=`curl-config --ca`
sudo bash -c "echo -n | openssl s_client -showcerts -connect $hostname:$port 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >> $trust_cert_file_location"
Long answer
The basic reason is that your computer doesn't trust the certificate authority that signed the certificate used on the Gitlab server. This doesn't mean the certificate is suspicious, but it could be self-signed or signed by an institution/company that isn't in the list of your OS's list of CAs. What you have to do to circumvent the problem on your computer is telling it to trust that certificate - if you don't have any reason to be suspicious about it.
You need to check the web certificate used for your gitLab server, and add it to your </git_installation_folder>/bin/curl-ca-bundle.crt.
To check if at least the clone works without checking said certificate, you can set:
export GIT_SSL_NO_VERIFY=1
#or
git config --global http.sslverify false
But that would be for testing only, as illustrated in "SSL works with browser, wget, and curl, but fails with git", or in this blog post.
Check your GitLab settings, a in issue 4272.
To get that certificate (that you would need to add to your curl-ca-bundle.crt file), type a:
echo -n | openssl s_client -showcerts -connect yourserver.com:YourHttpGilabPort 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
(with 'yourserver.com' being your GitLab server name)
To check the CA (Certificate Authority issuer), type a:
echo -n | openssl s_client -showcerts -connect yourserver.com:YourHttpGilabPort 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'| openssl x509 -noout -text | grep "CA Issuers" | head -1
Findekano adds in the comments:
to identify the location of
curl-ca-bundle.crt, you could use the command
curl-config --ca
这篇关于服务器证书验证失败。 CAfile:/etc/ssl/certs/ca-certificates.crt CRLfile:none的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
