cURL说证书已过期,Firefox表示不同意 [英] cURL says certificate is expired, Firefox disagrees
问题描述
我正在尝试通过cURL访问内部网站(几天前可以访问)。但是,cURL给出错误 curl:(60)SSL证书问题:证书已过期。如果我使用 openssl 来检查证书的开始和结束日期,它将给出一个我很适合的时间表:
回声| openssl s_client -connect internalsite.example.com:443 2> / dev / null | openssl x509 -noout -dates
notBefore = Nov 30 00:00:00 2012 GMT
notAfter = Mar 30 12:00:00 2016 GMT
#供参考,我发布的那天这是2014年7月30日
另外,如果我在其他计算机上使用cURL,或通过
此外,我无法在自己的计算机上连接任何版本的cURL;这包括Cygwin中的cURL和虚拟机内部的Ubuntu上的cURL,以及Windows版本。
什么会引起这种行为?
我的curl正在使用存储在以下位置的证书捆绑包:
/ etc / ssl / certs /ca-certificates.crt
我过去曾遇到过此问题,我通过查看正在运行curl的计算机并比较.crt文件来解决此问题。
我又遇到了这个问题,这次我只是通过从较新的版本复制整个文件来解决此问题。机器(较新的Ubuntu安装-我遇到问题的机器是古老的)。
而且有效。
I'm trying to access an internal site via cURL (which I could access several days ago). However, cURL gives the error curl: (60) SSL certificate problem: certificate has expired. If I use openssl to check the start and end dates of the certificate, it gives a timeframe that I'm well within:
echo | openssl s_client -connect internalsite.example.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Nov 30 00:00:00 2012 GMT
notAfter=Mar 30 12:00:00 2016 GMT
# For reference, the day I'm posting this is July 30th, 2014
Additionally, if I use cURL on a different computer, or connect via the browser (Firefox, Chrome, or IE), I can connect without error.
Also, I'm unable to connect with any version of cURL on my own computer; this includes cURL in Cygwin and cURL on Ubuntu inside a virtual machine, as well as the Windows version.
What might give rise to this behaviour?
My curl is using the certificate bundle stored in:
/etc/ssl/certs/ca-certificates.crt
I've had this problem in the past, and I fixed it by looking at a machine where curl was working and comparing the .crt files from those two machines, and copying the missing certificate over.
I just had this problem again, and I fixed it this time by just copying the entire file over from the newer machine (a more recent Ubuntu install----the machine where I have the problem is ancient).
And it worked.
这篇关于cURL说证书已过期,Firefox表示不同意的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
