从命令行使用 CURL 的 https 连接 [英] https connection using CURL from command line
问题描述
我是 Curl 和 Cacerts 世界的新手,在连接到服务器时遇到了问题.基本上,我需要测试从一台机器到另一台机器的 https 连接.我有一个 URL,我需要从机器 A(一台 Linux 机器)连接到该 URL我在命令提示符下试过这个
I am new to Curl and Cacerts world and facing a problem while connecting to a server. Basically, I need to test connectivity over https from one machine to another machine. I have a URL to which I need to connect from Machine A (a linux machine) I tried this on command prompt
cmd> curl https://[my domain or IP address]
并得到以下内容:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
在通过互联网浏览一些文章时,我是这样做的:
On going through some articles over internet I did this:
openssl s_client -connect <domain name or Ip address>:443
并得到了一些回应,包括服务器证书(在 -----BEGIN CERTIFICATE----- 和 -----END CERTIFICATE-----
中).
and got some response including the
server certificate (inside -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----
).
接下来我该怎么做.我想,我只需要复制粘贴里面的文字BEGIN CERTIFICATE &END CERTIFICATE
并将其保存在文件中.但,它应该是什么类型的文件?.pem
, .crt
?..之后我该怎么办?
What should I do next from here. I think, I will have to just copy paste the text inside
BEGIN CERTIFICATE & END CERTIFICATE
and save it in a file.
But,
What type of file it should be? .pem
, .crt
?..
What should I be do after that?
我试过了 - 复制了 BEGIN CERTIFICATE & 里面的文字END CERTIFICATE
并将其保存在 .crt
文件中 - 将其命名为 my-ca.crt
(也尝试将其命名为 my-ca.pem
文件)然后这样做:
I tried this - copied the text inside BEGIN CERTIFICATE & END CERTIFICATE
and saved it in a .crt
file - named it as my-ca.crt
(also tried the same thing by naming it as my-ca.pem
file)
and then did this:
cmd>curl --cacert my-ca.crt https://[my domain or IP address]
但得到了同样的错误.
推荐答案
我遇到了同样的问题 - 我正在从我自己的站点获取一个页面,该页面通过 HTTPS 提供,但 curl 给出了相同的SSL 证书问题"信息.我通过向调用添加 -k
标志以允许不安全连接来解决它.
I had the same problem - I was fetching a page from my own site, which was served over HTTPS, but curl was giving the same "SSL certificate problem" message. I worked around it by adding a -k
flag to the call to allow insecure connections.
curl -k https://whatever.com/script.php
我发现了问题的根源.我使用的是 SSL 证书(来自 StartSSL,但我认为这并不重要)并且没有正确设置中间证书.如果您遇到与上述 user1270392 相同的问题,最好测试您的 SSL 证书并修复在诉诸 curl -k
修复之前遇到的任何问题.
I discovered the root of the problem. I was using an SSL certificate (from StartSSL, but I don't think that matters much) and hadn't set up the intermediate certificate properly. If you're having the same problem as user1270392 above, it's probably a good idea to test your SSL cert and fix any issues with it before resorting to the curl -k
fix.
这篇关于从命令行使用 CURL 的 https 连接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!