0

我已经在我的网站上安装了 SSL 证书,它可以在 chrome 和 Firefox 中运行。但是每当我使用我的网站 url 执行 curl 时,我都会收到以下错误。

* Connected to www.example.org port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 597 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
* Closing connection 0
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

我已经看到了很多与此相关的问题并尝试过。我已经尝试在本地更新 ca 证书,并且错误从本地颁发者验证更改为现在的错误。

谁能建议我要去哪里穿?

4

1 回答 1

2

由于您没有提供复制问题的 URL,我只能推测可能是什么原因。但是您的服务器配置错误并且没有发送所需的链(中间)证书的可能性很高,即缺少某些链证书。桌面浏览器通常会解决此问题,但其他客户端通常会失败。

要验证我的猜测,请检查您的站点是否与SSLLabs并注意报告的链问题。

更新:根据 OP 在这个问题上的评论,我是对的。SSLLabs 抱怨“此服务器的证书链不完整”并因此将等级设置为 B。

于 2018-05-03T08:01:17.783 回答