- 问题
今天发现又有一个RSS订阅站点出错。浏览器访问正常显示订阅源,接着登陆服务器curl网站发现报错。
curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
- 解决方案
将目标网站的crt下载下来。转换为pem并且追加进/etc/pki/tls/certs/ca-bundle.crt(Centos)
实例:
- 找到网站所在的证书
- 复制证书地址-->服务器终端:curl -O example.crt(证书地址)
cd /etc/pki/tls/certs/ca-bundle.crt
curl curl -O example.crt(证书地址)
#将crt转换为pem(example.crt为下载下来的证书文件,自行替换)
openssl x509 -in example.crt -inform der -outform pem -out temp.pem
#将内容追加进去ca-bundle.crt文件
cat temp.pem >> /etc/pki/tls/certs/ca-bundle.crt
- 测试
在这里已经可以正常访问了!!!
