SSL:目标更改IP地址后无法识别证书

时间:2014-07-23 14:19:56

标签: svn ssl openssl debian ssl-certificate

将IP地址更改为SVN服务器后,我尝试使用命令 svn relocate https://xxx.xxx.xxx.xxx/svn/dir ./ 在Linux机器(Debian Squeeze)上重新定位我的存储库,但是我收到此错误:

svn: E120171: Unable to connect to a repository at URL 'https://xxx.xxx.xxx.xxx/svn'
svn: E120171: Error running context: An error occurred during SSL communication

svn ls https://xxx.xxx.xxx.xxx/svn

的错误相同

我也发现卷曲错误:

curl -v  https://xxx.xxx.xxx.xxx/svn/directory                                                 * About to connect() to xxx.xxx.xxx.xxx port 443 (#0)
*   Trying xxx.xxx.xxx.xxx... connected
* Connected to xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

在另一台服务器上,相同的命令正常运行且没有错误。 这是证书问题?我该怎么接受呢?

通常程序会问我是否必须永久接受。为什么这不再发生了?

1 个答案:

答案 0 :(得分:0)

如果该命令来自不在同一域(或IP)上的其他服务器,我将首先刷新我的DNS,然后再次尝试。证书提供的名称和/或IP可能与您尝试连接的域或IP不匹配。