在OSX上卷曲验证证书不正确

时间:2016-10-14 10:13:45

标签: curl https

问题:

我使用curl在我的MacOs上启动https请求:

enter image description here

但是witing wget:

wget -v https://m2.mogucdn.com/p1/160725/upload_ifrtenzsgq4gcodghezdambqhayde_217x278.jpg
--2016-10-14 17:57:33-- https://m2.mogucdn.com/p1/160725/upload_ifrtenzsgq4gcodghezdambqhayde_217x278.jpg
Resolving m2.mogucdn.com... 183.134.101.194, 183.158.35.59, 183.158.35.57, ...
Connecting to m2.mogucdn.com|183.134.101.194|:443... connected.
ERROR: cannot verify m2.mogucdn.com's certificate, issued by 'CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US':
Unable to locally verify the issuer's authority.
To connect to m2.mogucdn.com insecurely, use `--no-check-certificate'.

作为比较,在CentOS7上使用curl:

curl -vo /dev/null https://m2.mogucdn.com/p1/160725/upload_ifrtenzsgq4gcodghezdambqhayde_217x278.jpg
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--   0*   Trying 183.158.35.60...
* TCP_NODELAY set
* Connected to m2.mogucdn.com (183.158.35.60) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
*       subject: CN=*.mogucdn.com,OU=RD,O=Hangzhou Juangua Network      Limited,L=Hangzhou,ST=Zhejiang,C=CN
*       start date: Mar 02 00:00:00 2015 GMT
*       expire date: Mar 01 23:59:59 2018 GMT
*       common name: *.mogucdn.com
*       issuer: CN=Symantec Class 3 Secure Server CA - G4,OU=Symantec Trust Network,O=Symantec Corporation,C=US
* NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)
* Peer's Certificate issuer is not recognized.
* Curl_http_done: called premature == 1
* stopped the pause stream!
0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
* Closing connection 0
curl: (60) Peer's Certificate issuer is not recognized.
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

OSX上的curl和centos上的curl有什么区别

0 个答案:

没有答案
相关问题
最新问题