curl:(60)SSL证书:无法获取本地发行者证书 [英] curl: (60) SSL certificate: unable to get local issuer certificate

问题描述

只需在我们的服务器上安装Comodo证书，(centos 5)https即可正常运行，而网站可通过https正常运行.但是我们的wordpress插件

Just installed a Comodo certificate on our server, (centos 5) https works fine, the website works fine with https. But one of our wordpress plugin

.htaccess 文件包含用于将url https://example.com/w3tc_rewrite_test 重写为 https://example.com/?w3tc_rewrite_test 的规则代码>，如果由插件处理，则返回确定"消息.该插件向 https://example.com/w3tc_rewrite_test 发出了请求，但收到了

.htaccess file contains rules to rewrite url https://example.com/w3tc_rewrite_test into https://example.com/?w3tc_rewrite_test which, if handled by plugin, return "OK" message. The plugin made a request to https://example.com/w3tc_rewrite_test but received:

SSL证书问题:无法获取本地颁发者证书

SSL certificate problem: unable to get local issuer certificate

而不是确定"响应.

执行命令: curl https://example.com 结果:

curl: (60) SSL certificate problem: unable to get local issuer certificate

在外部服务器上:

curl: (60) Peer certificate cannot be authenticated with known CA certificates

我已经下载了最新的ca证书，手动指向了php.ini中的crt/pem文件，但无济于事...

I already downloaded the latest ca certificates, manually pointed to the crt/pem file in php.ini all to no avail...

还将CA服务器证书更改为comodo提供的CAroot.

Also changed the CA server certificate to the CAroot that was supplied by comodo.

openssl s_client -connect example.com:443

CONNECTED(00000003)
28211:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

openssl s_client -tls1 -connect example.com:443

CONNECTED(00000003)
depth=0 /OU=Domain Control Validated/OU=PositiveSSL/CN=www.example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /OU=Domain Control Validated/OU=PositiveSSL/CN=www.example.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /OU=Domain Control Validated/OU=PositiveSSL/CN=www.example.com
verify error:num=21:unable to verify the first certificate
verify return:1

推荐答案

使用 SSLLabs 解决问题，尤其是缺少链证书.至少您提到的网站 swedendedicated.com (在您进行最后编辑之前)存在严重问题:

Check your sites with SSLLabs for problems, especially missing chain certificates. At least the site swedendedicated.com you mentioned (before you did the last edit) has serious problems:

  Chain issues  Incomplete

因此，它将与大多数浏览器一起使用，这些浏览器可以缓存丢失的证书或下载丢失的证书.非浏览器通常不会缓存也不下载丢失的证书，因此会失败.

Thus it will work with most browsers which either have the missing certificate cached or will download the missing certificate. Non-Browsers will usually neither cache nor download missing certificates and thus will fail.

解决方法是重新配置服务器，以包括缺少的证书.如果您对如何执行此操作有疑问，请查看从证书提供商处获得的说明.如果这样不能解决问题，请访问serverfault.com.

The fix is to reconfigure your server to include the missing certificates. If you have questions how to do this look at the instructions you got from your certificate provider. If this does not help ask at serverfault.com.

这篇关于curl:(60)SSL证书:无法获取本地发行者证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！