从命令行使用 CURL 的 https 连接 [英] https connection using CURL from command line

问题描述

我是 Curl 和 Cacerts 世界的新手，在连接到服务器时遇到了问题.基本上，我需要测试从一台机器到另一台机器的 https 连接.我有一个 URL，我需要从机器 A(一台 Linux 机器)连接到该 URL我在命令提示符下试过这个

I am new to Curl and Cacerts world and facing a problem while connecting to a server. Basically, I need to test connectivity over https from one machine to another machine. I have a URL to which I need to connect from Machine A (a linux machine) I tried this on command prompt

cmd> curl https://[my domain or IP address]

并得到以下内容:

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

在通过互联网浏览一些文章时，我是这样做的:

On going through some articles over internet I did this:

openssl s_client -connect <domain name or Ip address>:443

并得到了一些回应，包括服务器证书(在 -----BEGIN CERTIFICATE----- 和 -----END CERTIFICATE----- 中).

and got some response including the server certificate (inside -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).

接下来我该怎么做.我想，我只需要复制粘贴里面的文字BEGIN CERTIFICATE &END CERTIFICATE 并将其保存在文件中.但，它应该是什么类型的文件?.pem, .crt ?..之后我该怎么办?

What should I do next from here. I think, I will have to just copy paste the text inside BEGIN CERTIFICATE & END CERTIFICATE and save it in a file. But, What type of file it should be? .pem, .crt ?.. What should I be do after that?

我试过了 - 复制了 BEGIN CERTIFICATE & 里面的文字END CERTIFICATE 并将其保存在 .crt 文件中 - 将其命名为 my-ca.crt(也尝试将其命名为 my-ca.pem 文件)然后这样做:

I tried this - copied the text inside BEGIN CERTIFICATE & END CERTIFICATE and saved it in a .crt file - named it as my-ca.crt (also tried the same thing by naming it as my-ca.pem file) and then did this:

cmd>curl --cacert my-ca.crt https://[my domain or IP address]

但得到了同样的错误.

推荐答案

我遇到了同样的问题 - 我正在从我自己的站点获取一个页面，该页面通过 HTTPS 提供，但 curl 给出了相同的SSL 证书问题"信息.我通过向调用添加 -k 标志以允许不安全连接来解决它.

I had the same problem - I was fetching a page from my own site, which was served over HTTPS, but curl was giving the same "SSL certificate problem" message. I worked around it by adding a -k flag to the call to allow insecure connections.

curl -k https://whatever.com/script.php

我发现了问题的根源.我使用的是 SSL 证书(来自 StartSSL，但我认为这并不重要)并且没有正确设置中间证书.如果您遇到与上述 user1270392 相同的问题，最好测试您的 SSL 证书并修复在诉诸 curl -k 修复之前遇到的任何问题.

I discovered the root of the problem. I was using an SSL certificate (from StartSSL, but I don't think that matters much) and hadn't set up the intermediate certificate properly. If you're having the same problem as user1270392 above, it's probably a good idea to test your SSL cert and fix any issues with it before resorting to the curl -k fix.

这篇关于从命令行使用 CURL 的 https 连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！