SSL_ERROR_WEAK_SERVER_CERT_KEY-解决方法?

时间:2019-06-25 14:58:14

标签: curl ssl-certificate

我必须通过Web界面访问较旧的设备:

bash-4.2# curl -0 -v -k -u ADMIN:ADMIN https://10.130.1.1/redfish/v1
* About to connect() to 10.130.1.1 port 443 (#0)
*   Trying 10.130.1.1...
* Connected to 10.130.1.1 (10.130.1.1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS error -12156 (SSL_ERROR_WEAK_SERVER_CERT_KEY)
* The server certificate included a public key that was too weak.
* Closing connection 0
curl: (35) The server certificate included a public key that was too weak.
bash-4.2# curl -v -k -u ADMIN:ADMIN https://10.130.1.1/redfish/v1
* About to connect() to 10.130.1.1 port 443 (#0)
*   Trying 10.130.1.1...
* Connected to 10.130.1.1 (10.130.1.1) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS error -12156 (SSL_ERROR_WEAK_SERVER_CERT_KEY)
* The server certificate included a public key that was too weak.
* Closing connection 0
curl: (35) The server certificate included a public key that was too weak.

通过openssl运行它,我可以看到:

...
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (512 bit)
...

我无法更改来自服务器的内容-因此,有没有办法告诉curl继续使用它呢?

1 个答案:

答案 0 :(得分:0)

在openssl.cnf中尝试更改

[system_default_sect]
CipherString = DEFAULT@SECLEVEL=0

看看是否有帮助。

相关问题
最新问题