curl: (60) SSL 证书问题:无法获取本地颁发者证书 [英] curl: (60) SSL certificate problem: unable to get local issuer certificate

问题描述

root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc} port 21 (#0)
*   Trying {abc}...
* Connected to {abc} ({abc}) port 21 (#0)
< 220-Cerberus FTP Server - Home Edition
< 220-This is the UNLICENSED Home Edition and may be used for home, personal use only
< 220-Welcome to Cerberus FTP Server
< 220 Created by Cerberus, LLC
> AUTH SSL
< 234 Authentication method accepted
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

推荐答案

关于'SSL证书问题:无法获得本地颁发者证书'错误.需要注意的是，这适用于发送 CURL 请求的系统，而不是接收请求的服务器.

Relating to 'SSL certificate problem: unable to get local issuer certificate' error. It is important to note that this applies to the system sending the CURL request, and NOT the server receiving the request.

1. 从 https://curl.haxx.se/下载最新的 cacert.pemca/cacert.pem

在 curl 命令中添加--cacert/path/to/cacert.pem"选项以告诉 curl 本地证书颁发机构文件的位置.

Add the '--cacert /path/to/cacert.pem' option to the curl command to tell curl where the local Certificate Authority file is.

(或)创建或添加到.curlrc"文件中的行:cacert =/path/to/cacert.pem参见'man curl'，关于'-K, --config '的部分有关 curl 在何处查找此文件的信息的部分.

(or) Create or add to a '.curlrc' file the line: cacert = /path/to/cacert.pem See 'man curl', the section about the '-K, --config <file>' section for information about where curl looks for this file.

(或者如果使用 php)将以下行添加到 php.ini 中:(如果这是共享主机并且您无权访问 php.ini，那么您可以将其添加到 public_html 中的 .user.ini).

(or if using php) Add the following line to php.ini: (if this is shared hosting and you don't have access to php.ini then you could add this to .user.ini in public_html).

curl.cainfo=/path/to/downloaded/cacert.pem"

确保将路径用双引号括起来！！！

1. (也许也适用于 php)默认情况下，FastCGI 进程将每 300 秒解析一次新文件(如果需要，您可以按照此处的建议添加几个文件来更改频率https://ss88.uk/blog/fast-cgi-and-user-ini-files-the-new-htaccess/).

这篇关于curl: (60) SSL 证书问题:无法获取本地颁发者证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！