SSL证书验证结果:无法获得本地颁发者证书(20)

时间:2015-04-02 05:36:52

标签: heroku openssl

我正在尝试使用Windows 8在Heroku上添加SSL证书。我指的是Heroku's ssl-endpoint article来添加它。一切都很好,直到最后一步,但是当我进入

curl -kvI https://www.example.com

它说

SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.

这是完整的输出:

* Adding handle: conn: 0x606458
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x606458) send_pipe: 1, recv_pipe: 0
* About to connect() to www.example.com port 443 (#0)
*   Trying 107.21.111.209...
* Connected to www.example.com (107.21.111.209) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES128-SHA
* Server certificate:
*        subject: C=US; ST=California; L=San Francisco; O=Heroku, Inc.; CN=*.her
okuapp.com
*        start date: 2014-01-21 00:00:00 GMT
*        expire date: 2017-05-19 12:00:00 GMT
*        issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Hig
h Assurance Server CA
*        SSL certificate verify result: unable to get local issuer certificate (
20), continuing anyway.
> HEAD / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: www.example.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
* Server Cowboy is not blacklisted
< Server: Cowboy
Server: Cowboy
< Connection: keep-alive
Connection: keep-alive
< X-Powered-By: Express
X-Powered-By: Express
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Date: Thu, 02 Apr 2015 05:14:25 GMT
Date: Thu, 02 Apr 2015 05:14:25 GMT
< Cache-Control: public, max-age=0
Cache-Control: public, max-age=0
< Last-Modified: Tue, 31 Mar 2015 14:21:19 GMT
Last-Modified: Tue, 31 Mar 2015 14:21:19 GMT
< Etag: W/"9e3-2781781373"
Etag: W/"9e3-2781781373"
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Content-Length: 2531
Content-Length: 2531
< Set-Cookie: connect.sid=s%3AiRH8B-WEim3II5fgpXfF1otZXeqvmdMi.ibAcnpY2ATqERWyMJ
3c%2BptFMqgQLwrFQvAoOW6zh9HM; Path=/; HttpOnly
Set-Cookie: connect.sid=s%3AiRH8B-WEim3II5fgpXfF1otZXeqvmdMi.ibAcnpY2ATqERWyMJ3c
%2BptFMqgQLwrFQvAoOW6zh9HM; Path=/; HttpOnly
< Via: 1.1 vegur
Via: 1.1 vegur

<
* Connection #0 to host www.example.com left intact

这里有什么问题?提前谢谢。

2 个答案:

答案 0 :(得分:3)

我合并了两个SSL证书,然后将其上传到heroku上。结合两种SSL证书的命令是:

cat certificate.crt gd_bundle.crt > combine.crt

它会合并certificate.crtgd_bundle.crt来创建combine.crt

答案 1 :(得分:2)

您需要告知curl您信任的根证书存储区的位置。尝试:

curl -vI --cacert /etc/ssl/cert.pem


curl -vI --capath /etc/ssl/certs/

(系统受信任的根存储的确切路径因操作系统/发行版而异,因此它可能不完全是上述之一。)

相关问题
最新问题