发表新帖
发表新帖

Getting error in Curl - Peer certificate cannot be authenticated with known CA certificates

前端 未结
关注
6 1985
长发绾君心
长发绾君心 2021-01-02 03:33

I am getting the below error while making ssl connection with self signed certificate. \"Peer certificate cannot be authenticated with known CA certificates\"

It is

相关标签:
6条回答
  • 南旧
    2021-01-02 03:49

    For php it is possible to switch off curl's verification of the certificate (see warning below) e.g. for curl_exec

      curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);

    http://php.net/manual/en/function.curl-setopt.php

    (evaluate the security risk yourself, in my case it was on a partner company's server and the file required contained no secure information - just happened to be on a secure server)

    0 讨论(0)
  • 暖寄归人
    2021-01-02 03:57

    In 'C'

    curl_easy_setopt(curl_handle, CURLOPT_SSL_VERIFYPEER, 0);

    worked for me

    0 讨论(0)
  • 猫巷女王i
    2021-01-02 03:59

    By default CURL will generally verify the SSL certificate to see if its valid and issued by an accepted CA. To do this, curl uses a bundled set of CA certificates.

    If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. Here's an example:

    curl --noproxy -k \* -D - https://127.0.0.1:443/some-secure-endpoint
    0 讨论(0)
  • 囚心锁ツ
    2021-01-02 04:01

    libcurl performs peer SSL certificate verification by default. This is done by using CA cert bundle that the SSL library can use to make sure the peer's server certificate is valid.

    If you communicate with HTTPS or FTPS servers using certificates that are signed by CAs present in the bundle, you can be sure that the remote server really is the one it claims to be.

    Until 7.18.0, curl bundled a severely outdated ca bundle file that was installed by default. These days, the curl archives include no ca certs at all. You need to get them elsewhere. See below for example.

    For more to know about Peer SSL Certificate Verification visit http://curl.haxx.se/docs/sslcerts.html

    0 讨论(0)
  • 無奈伤痛
    2021-01-02 04:02

    We fixed a similar issue on CentOS 6 by updating curl to the latest version available in the standard repositories and installing the newest ca-certificates bundle:

    yum update curl
yum install ca-certificates
    0 讨论(0)
  • 感动是毒
    2021-01-02 04:02

    Though this error happened in the case of using git clone rather than with using curl, I've recently stumbled across an identical error message:

    Peer certificate cannot be authenticated with known CA certificates

    Similar to Arth's findings, something that worked for CentOS 6 (in order to successfully use HTTPS URLs with git clone for related GitLab repositories) involved updating the trusted certificates on the server (i.e., the server that is using HTTPS), using the following steps:

    1. sudo yum install ca-certificates
    2. sudo update-ca-trust enable
    3. sudo cp /path/to/your_new_cert.crt /etc/pki/ca-trust/source/anchors/
    4. sudo update-ca-trust extract

    Perhaps the same certificate steps can be applied for the case of curl (or other similar scenarios) for users on CentOS in the future.

    0 讨论(0)
 看不清?
提交回复
热议问题