发表新帖
发表新帖

curl: (60) SSL certificate problem: unable to get local issuer certificate

前端 未结
关注
26 2436
我寻月下人不归
我寻月下人不归 2020-11-22 08:09 
root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc
26条回答
  • 栀梦
    栀梦 (楼主)
    2020-11-22 08:29

    I have encountered this problem as well. I've read this thread and most of the answers are informative but overly complex to me. I'm not experienced in networking topics so this answer is for people like me.

    In my case, this error was happening because I didn't include the intermediate and root certificates next to the certificate I was using in my application.

    Here's what I got from the SSL certificate supplier:

    - abc.crt
- abc.pem
- abc-bunde.crt

    In the abc.crt file, there was only one certificate:

    -----BEGIN CERTIFICATE-----
/*certificate content here*/
-----END CERTIFICATE-----

    If I supplied it in this format, the browser would not show any errors (Firefox) but I would get curl: (60) SSL certificate : unable to get local issuer certificate error when I did the curl request.

    To fix this error, check your abc-bunde.crt file. You will most likely see something like this:

    -----BEGIN CERTIFICATE-----
/*additional certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*other certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*different certificate content here*/
-----END CERTIFICATE-----

    These are your Intermediate and root certificates. Error is happening because they are missing in the SSL certificate you're supplying to your application.

    To fix the error, combine the contents of both of these files in this format:

    -----BEGIN CERTIFICATE-----
/*certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*additional certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*other certificate content here*/
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
/*different certificate content here*/
-----END CERTIFICATE-----

    Note that there are no spaces between certificates, at the end or at the start of the file. Once you supply this combined certificate to your application, your problem should be fixed.

    0 讨论(0)
 看不清?
提交回复
热议问题