https连接使用CURL从命令行 [英] https connection using CURL from command line
问题描述
我是Curl和Cacerts的新手,在连接到服务器时遇到问题。
基本上,我需要测试通过https从一台机器到另一台机器的连接。
我有一个URL,我需要从机器A(linux机器)连接
我在命令提示符下尝试这个
cmd> curl https:// [my domain or IP address]
,并获得以下内容:
curl:(60)SSL证书问题,请验证CA证书是否正确。详细信息:
错误:14090086:SSL例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败
在互联网上的一些文章我这样做:
openssl s_client -connect<域名或IP地址>:443
,并得到一些响应,包括
服务器证书(在 BEGIN CERTIFICATE -----和----- END CERTIFICATE ----- )。
这里。我想,我只需要复制粘贴文本里面的
BEGIN CERTIFICATE& END CERTIFICATE 并将其保存在文件中。
但是,
它应该是什么类型的文件? .pem , .crt ?..
之后我应该怎么办?
我试过这个 - 复制内的文本BEGIN CERTIFICATE& END CERTIFICATE 并将其保存在 .crt 文件中 - 命名为 my-ca.crt (也尝试同样的命名为 my-ca.pem 文件)
然后这样做:
cmd> curl --cacert my-ca.crt https:// [my domain or IP address]
pre>
但也有同样的错误。
解决方案同样的问题 - 我从我自己的网站,这是通过HTTPS提供的页面,但curl给了相同的SSL证书问题消息。我通过在调用中添加 -k 标志来允许不安全的连接。
code> curl -k https://whatever.com/script.php
我发现了问题的根源。我使用SSL证书(从StartSSL,但我认为没有什么重大),并没有正确设置中间证书。如果您遇到与上述user1270392相同的问题,最好测试您的SSL证书,并修复在执行 curl -k 修复之前的任何问题。
I am new to Curl and Cacerts world and facing a problem while connecting to a server. Basically, I need to test connectivity over https from one machine to another machine. I have a URL to which I need to connect from Machine A (a linux machine) I tried this on command prompt
cmd> curl https://[my domain or IP address]
and got the following:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
On going through some articles over internet I did this:
openssl s_client -connect <domain name or Ip address>:443
and got some response including the
server certificate (inside -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).
What should I do next from here. I think, I will have to just copy paste the text inside
BEGIN CERTIFICATE & END CERTIFICATE and save it in a file.
But,
What type of file it should be? .pem, .crt ?..
What should I be do after that?
I tried this - copied the text inside BEGIN CERTIFICATE & END CERTIFICATE and saved it in a .crt file - named it as my-ca.crt (also tried the same thing by naming it as my-ca.pem file)
and then did this:
cmd>curl --cacert my-ca.crt https://[my domain or IP address]
But got the same error.
I had the same problem - I was fetching a page from my own site, which was served over HTTPS, but curl was giving the same "SSL certificate problem" message. I worked around it by adding a -k flag to the call to allow insecure connections.
curl -k https://whatever.com/script.php
Edit: I discovered the root of the problem. I was using an SSL certificate (from StartSSL, but I don't think that matters much) and hadn't set up the intermediate certificate properly. If you're having the same problem as user1270392 above, it's probably a good idea to test your SSL cert and fix any issues with it before resorting to the curl -k fix.
这篇关于https连接使用CURL从命令行的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
