I am trying to make requests over https from my CentOS 5.11 server to arbitrary web servers. But no matter which host I try to reach, I get an error describing a certificate problem. I don't think this is an issue with the target server; it is more likely an issue with the local system sending the request.
I have been searching for a solution and tried modifying my '/etc/pki/tls/certs/ca-bundle.crt' file (based on this article: http://www.doxer.org/resolved-unable-to-locally-verify-the-issuers-authority/) but have not been able to fix the problem. I'm fairly sure the solution is to adjust my openssl configuration, but I'm not sure what to change.
I have included some logs to demonstrate the error I am getting. You can see that every wget request responds with "Unable to locally verify the issuer's authority" and every curl request responds with "certificate verify failed".
Many thanks,
[root@host tmp]# wget https://www.thawte.com
--2016-04-05 12:16:24-- https://www.thawte.com/
Connecting to 192.168.1.239:3128... connected.
ERROR: cannot verify www.thawte.com's certificate, issued by `/C=US/O=thawte, Inc./CN=thawte Extended Validation SHA256 SSL CA':
Unable to locally verify the issuer's authority.
To connect to www.thawte.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
[root@host tmp]# curl -sv -o /dev/null https://www.thawte.com
* About to connect() to proxy 192.168.1.239 port 3128
* Trying 192.168.1.239... connected
* Connected to 192.168.1.239 (192.168.1.239) port 3128
* Establish HTTP proxy tunnel to www.thawte.com:443
> CONNECT www.thawte.com:443 HTTP/1.0
> Host: www.thawte.com:443
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
[root@host tmp]# wget https://www.rapidssl.com
--2016-04-05 12:20:10-- https://www.rapidssl.com/
Connecting to 192.168.1.239:3128... connected.
ERROR: cannot verify www.rapidssl.com's certificate, issued by `/C=US/O=GeoTrust Inc./CN=GeoTrust Extended Validation SHA256 SSL CA':
Unable to locally verify the issuer's authority.
To connect to www.rapidssl.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
[root@host tmp]# curl -sv -o /dev/null https://www.rapidssl.com/
* About to connect() to proxy 192.168.1.239 port 3128
* Trying 192.168.1.239... connected
* Connected to 192.168.1.239 (192.168.1.239) port 3128
* Establish HTTP proxy tunnel to www.rapidssl.com:443
> CONNECT www.rapidssl.com:443 HTTP/1.0
> Host: www.rapidssl.com:443
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
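As an added example that is not part of the original question, the script below reproduces the condition behind both error messages with a constructed throwaway PKI: the leaf certificate verifies only when the bundle given as CAfile contains the root that anchors the presented issuer. It assumes an `openssl` binary of version 1.1.0 or newer; the helper names (sign_cert, setup_demo_pki, issuer_of, verify_chain) and all certificate subjects are hypothetical.

```shell
# Constructed demo (not from the original post): build a throwaway PKI
# root -> intermediate -> leaf and verify the leaf against a CA bundle that
# lacks the root, then against one that has it. The failing case is what wget
# reports as "Unable to locally verify the issuer's authority" and curl as
# "certificate verify failed". Assumes `openssl` 1.1.0+; files live in $DEMO.
DEMO=$(mktemp -d)

# sign_cert <subject> <name> <issuer-name|self> <CA:TRUE|CA:FALSE>
# Hypothetical helper: CSR plus signing, so all four certs are built alike.
sign_cert() {
    subj=$1; name=$2; issuer=$3; ca=$4
    printf 'basicConstraints=critical,%s\n' "$ca" > "$DEMO/$name.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
        -keyout "$DEMO/$name.key" -out "$DEMO/$name.csr" 2>/dev/null
    if [ "$issuer" = self ]; then
        openssl x509 -req -in "$DEMO/$name.csr" -signkey "$DEMO/$name.key" \
            -days 2 -extfile "$DEMO/$name.ext" -out "$DEMO/$name.pem" 2>/dev/null
    else
        openssl x509 -req -in "$DEMO/$name.csr" -CA "$DEMO/$issuer.pem" \
            -CAkey "$DEMO/$issuer.key" -CAcreateserial -days 2 \
            -extfile "$DEMO/$name.ext" -out "$DEMO/$name.pem" 2>/dev/null
    fi
}

setup_demo_pki() {
    sign_cert "/O=Demo/CN=Demo Root CA" root self CA:TRUE
    sign_cert "/O=Demo/CN=Demo Intermediate CA" intermediate root CA:TRUE
    sign_cert "/O=Demo/CN=www.example.test" leaf intermediate CA:FALSE
    sign_cert "/O=Other/CN=Unrelated Root CA" unrelated self CA:TRUE
    # full-bundle.crt anchors our chain; stale-bundle.crt holds a CA, but not ours
    cp "$DEMO/root.pem" "$DEMO/full-bundle.crt"
    cp "$DEMO/unrelated.pem" "$DEMO/stale-bundle.crt"
}

# issuer_of <cert>: the issuer DN, i.e. the name wget prints after "issued by"
issuer_of() { openssl x509 -in "$1" -noout -issuer -nameopt RFC2253; }

# verify_chain <bundle> <leaf> <intermediate>: 0 when the bundle anchors the
# chain, 1 otherwise. Prints openssl's verdict so the reason stays visible.
verify_chain() {
    out=$(openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1)
    printf '%s\n' "$out"
    case "$out" in *": OK"*) return 0 ;; *) return 1 ;; esac
}

setup_demo_pki
issuer_of "$DEMO/leaf.pem"
verify_chain "$DEMO/stale-bundle.crt" "$DEMO/leaf.pem" "$DEMO/intermediate.pem" || :  # expected to fail
verify_chain "$DEMO/full-bundle.crt" "$DEMO/leaf.pem" "$DEMO/intermediate.pem"
```

Running verify_chain against /etc/pki/tls/certs/ca-bundle.crt with a chain saved from `openssl s_client -showcerts` shows whether the bundle or the server's sent chain is what is missing, which is the check to make before considering `--no-check-certificate`.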