当我尝试向google.com发送https请求时,我刚刚开始看到
[root@ip-172-31-47-76 ~]# curl -I -v https://google.com
* Rebuilt URL to: https://google.com/
* Trying 216.58.193.78...
* TCP_NODELAY set
* Connected to google.com (216.58.193.78) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
* subject: CN=*.google.com,O=Google Inc,L=Mountain View,ST=California,C=US
* start date: Feb 20 14:17:23 2018 GMT
* expire date: May 15 14:08:00 2018 GMT
* common name: *.google.com
* issuer: CN=Google Internet Authority G2,O=Google Inc,C=US
* NSS error -8172 (SEC_ERROR_UNTRUSTED_ISSUER)
* Peer's certificate issuer has been marked as not trusted by the user.
* stopped the pause stream!
* Closing connection 0
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.
More details here: https://curl.haxx.se/docs/sslcerts.html
这会影响我更新系统的能力,因为yum更新请求也会失败。我尝试使用此页面上的说明重新导入我的证书:https://access.redhat.com/solutions/1549003。我还尝试使用以下说明手动添加Google证书:https://curl.haxx.se/docs/sslcerts.html。两者都没有。
我不确定它是否相关,但我尝试使用certutil实用程序进一步排除故障,但无法运行
[root@ip-172-31-47-76 ~]# certutil
certutil: /usr/local/firefox/libnss3.so: version `NSS_3.30' not found (required by certutil)
不太确定这里发生了什么,但我会感激任何帮助。