4
我最近在Namecheap上获得了PositiveSSL证书,并将其安装在我的服务器上。从Firefox访问网站工作正常,但从Ruby的net/https库访问它不起作用:即使我已经指定了证书的路径,但我已检查该文件是否可读,但无法验证连接证书。卷曲也失败:SSL证书验证失败,如何找出导致它的原因?
curl --cacert /path/to/cert https://mysite.com/
它只是说这样的事情:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
“证书验证失败”是不是一个非常有用的错误消息。我如何知道证书究竟有什么问题以及如何处理?我发现它让人困惑,它在浏览器中工作,但不在其他地方。
你可以给你的步骤吗? – 2012-09-09 06:32:15
@ccyoung首先从您处下载CA供应商:1.证书,我们称之为“cert.crt”,以及2.一个证书链,我们称之为“bundle.crt”。然后使用'cat cert.crt bundle.crt> cert.chained.crt'将它们连接起来,并在使用'cert.crt'的任何地方使用'cert.chained.crt'。这是有效的,因为客户现在将遵循证书链直到验证的授权。 – 2013-05-29 04:34:10