我已在我的网站上安装了SSL证书,它在chrome和firefox中运行。 但每当我使用我的网站网址执行curl时,我都会收到以下错误。
* Connected to www.example.org port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 597 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection 0
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
我见过许多与此有关的问题,并尝试过。我已经尝试更新本地的ca-certificates,错误从本地发行者验证更改为现在的版本。
有人能建议我去哪儿吗?
答案 0 :(得分:2)
由于您没有提供复制问题的URL,我只能推测原因可能是什么。但是很可能您的服务器配置错误并且没有发送所需的链(中间)证书,即缺少某些链证书。桌面浏览器经常解决此问题,但其他客户端通常会失败。
要验证我的推测,请针对SSLLabs检查您的网站,并留意报告的链问题。
更新:根据OP在这个问题上的评论我是对的。 SSLLabs抱怨“此服务器的证书链不完整”并因此将等级设置为B.