我最近在 Namecheap 获得了 PositiveSSL 证书并将其安装在我的服务器上。从 Firefox 访问站点工作正常,但从 Ruby 的 net/https 库访问它不起作用:它无法验证连接证书,即使我已经指定了证书的路径并且我已经检查了文件可读. curl 也失败了:
curl --cacert /path/to/cert https://mysite.com/
它只是说了这样的话:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
“证书验证失败”不是非常有用的错误消息。我如何找出我的证书究竟有什么问题以及如何处理?我发现它在浏览器中有效但在其他任何地方都无效,这让我很困惑。
最佳答案
看起来 curl 要求 CA 证书文件包含链中的所有证书。我已经下载了所有这些并将它们合并到一个文件中,现在 Curl 和 Ruby 都很满意。
关于SSL证书验证失败,如何判断是什么原因导致的?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/5083928/