Linux中使用curl命令訪問https站點錯誤和解決方法

1、Peer’s Certificate issuer is not recognized

代碼如下:

 [root@jiankong ~]# curl  -v  https://wx.87th.cn- -
 CAfile: /etc/pki/tls/certs/ca-bundle.crt
 CApath: none
 Peer's certificate issuer is not recognized: 'CN=Encryption Everywhere DV TLS CA - G2,OU=www.digicert.com,O=DigiCert Inc,C=US'

2、SSL routinescertificate verify failed

[root@jiankong ~]# curl https://wx.87th.cn
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:

errorSSL routinescertificate verify failed

解決辦法是更新本地CA證書庫。

方法一：

下載http://curl.haxx.se/ca/cacert.pem 替換/etc/pki/tls/certs/ca-bundle.crt

方法二：

使用update-ca-trust 更新CA證書庫。（CentOS6，屬于ca-certificates包）

方法三：

解決辦法是將簽發該證書的私有CA公鑰cacert.pem文件內容，追加到/etc/pki/tls/certs/ca-bundle.crt