I am new to the Curl and Cacerts world and am facing a problem while connecting to a server. Basically, I need to test connectivity over HTTPS from one machine to another machine. I have a URL to which I need to connect from Machine A (a Linux machine). I tried this on the command prompt:
cmd> curl https://[my domain or IP address]
and got the following:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
After going through some articles on the internet, I did this:
openssl s_client -connect <domain name or Ip address>:443
and got some response including the server certificate (inside -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).
What should I do next from here? I think I will have to just copy and paste the text inside BEGIN CERTIFICATE & END CERTIFICATE and save it in a file.
But:
What type of file should it be? .pem, .crt?
What should I do after that?
I tried this: copied the text inside BEGIN CERTIFICATE & END CERTIFICATE and saved it in a .crt file, named my-ca.crt (I also tried the same thing by naming it my-ca.pem), and then did this:
cmd>curl --cacert my-ca.crt https://[my domain or IP address]
But got the same error.
Use --cacert to specify a .crt file, ca-root-nss.crt for example.
Simple solution
That's my everyday script:
Output:
Having diagnosed the problem, I was able to use the existing system default CA file; on Debian 6 this is:
As root this can be done like:
Then restart the web server.
You could use this:
curl_setopt($curl->curl, CURLOPT_SSL_VERIFYPEER, false);
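The situation in the question, reproduced offline as an added example (not code from any of the posts above): a throwaway CA and a server certificate signed by it show that `openssl verify` rejects a CA-signed server certificate used as its own CA file and accepts the issuer's certificate. All names (Demo Root CA, server.example.test, the helper functions) are constructed for the demo.

```shell
#!/bin/sh
# Added example. Every name below is constructed for the demo.

# Build a throwaway root CA and a server certificate signed by it in directory $1.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

# Succeeds when certificate $2 chains to a trust anchor in PEM file $1.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds when the certificate in $1 names itself as issuer; only then can
# a certificate saved from s_client output serve as its own CA file.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Run all four checks and report them on one line.
demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    chains_to "$d/server.crt" "$d/server.crt" && r1=ok || r1=fail
    chains_to "$d/ca.crt" "$d/server.crt" && r2=ok || r2=fail
    is_self_issued "$d/server.crt" && r3=yes || r3=no
    is_self_issued "$d/ca.crt" && r4=yes || r4=no
    rm -rf "$d"
    echo "leaf-as-ca=$r1 issuer-as-ca=$r2 leaf-self-issued=$r3 ca-self-issued=$r4"
}

demo
```

Running `is_self_issued` on the file saved from the s_client output tells you whether that file can work with --cacert or whether the issuer's certificate is needed instead.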