All https requests from my linux vm (Centos) fail due to invalid certificate

时间:2019-01-07 12:53:57

标签: linux ssl curl https vmware

I have been searching the web a long time to find the answer to my problem, so I'll post this question and answer it myself.

A note about the comment below that this question doesn't belong here:

In PHP (Drupal) all my curl requests to the Mandrill API suddenly stopped working. It took me a long time to debug what the cause of the problem was, but I learned a lot of this process. Since the final debugging was very simple and may aid others in their process, I still think this question and solution belong here in stackoverflow.com.

After debugging in PHP I started debugging from commandline in order to find the problem and it turned out that as in PHP, also outside of PHP all my https requests failed, saying the website's certificate was invalid.

For example:

curl https://www.stackoverflow.com/

This would throw a curl error about the certificate issuer. Sadly, at the current time I can't find back the actual error message, but I hope I can still help other people with this issue.

All posts I found about this were about updating Centos, installing the root certificate, etc. All that didn't work, so I completely reïnstalled the machine and then got the same error.

The main problem for me was that curl requests in PHP didn't work, so that belongs here on stackoverflow.com. My solution below (how I ended up debugging) was outside of PHP, but that may still help other (PHP) programmers to fix problems.

1 个答案:

答案 0 :(得分:1)

Finally I tried the following:

curl -I -v https://www.stackoverflow.com/

The verbose option displayed the information I needed and so I found out that all certificates were being issued by issuer: C=SK,O="ESET, spol. s r. o.",CN=ESET SSL Filter CA

Now ESET is my virusscanner on Windows (being controlled by our ICT partner). It turned out that (by mistake) an option had been enabled which then controls all https-traffic, including the traffic coming from the virtualmachine.

So TL;DR: Debug this problem using curl's "-v" option in order to get valuable information, including the state of your root certificate, etc.