我想向https://www.bnro.ro/nbrfxrates.xml(罗马尼亚国家银行)发出GET请求,以获取今天的汇率。
虽然XML文档在浏览器中加载正常(在Safari和Chrome中测试),但在终端中却出现了故障(使用Node.js和curl检查):
$ curl -vL http://www.bnro.ro/nbrfxrates.xml
* Expire in 0 ms for 6 (transfer 0x7f8a5c009c00)
* Expire in 1 ms for 1 (transfer 0x7f8a5c009c00)
...
* Expire in 5 ms for 1 (transfer 0x7f8a5c009c00)
* Trying 194.102.208.89...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x7f8a5c009c00)
* Connected to www.bnro.ro (194.102.208.89) port 80 (#0)
> GET /nbrfxrates.xml HTTP/1.1
> Host: www.bnro.ro
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Date: Fri, 14 Jun 2019 11:13:13 GMT
< Location: https://www.bnro.ro/nbrfxrates.xml
< Server: BigIP
< Content-Length: 0
< X-Cache: MISS from HS-F0
< X-Cache-Lookup: MISS from HS-F0:0
< Via: 1.1 HS-F0 (squid/3.4.8)
< Connection: keep-alive
<
* Connection #0 to host www.bnro.ro left intact
* Issue another request to this URL: 'https://www.bnro.ro/nbrfxrates.xml'
* Expire in 1 ms for 1 (transfer 0x7f8a5c009c00)
* Expire in 0 ms for 1 (transfer 0x7f8a5c009c00)
...
* Expire in 1 ms for 1 (transfer 0x7f8a5c009c00)
* Trying 194.102.208.89...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x7f8a5c009c00)
* Connected to www.bnro.ro (194.102.208.89) port 443 (#1)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /opt/local/share/curl/curl-ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 1
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.curl和我的Node.js应用程序都抱怨证书。
在我的Node.js脚本中,我收到以下错误:
{ Error: unable to verify the first certificate
at TLSSocket.<anonymous> (_tls_wrap.js:1104:38)
at emitNone (events.js:105:13)
at TLSSocket.emit (events.js:207:7)
at TLSSocket._finishInit (_tls_wrap.js:638:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:468:38) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }我尝试使用Chrome中的 Copy as CURL command 选项,但也不起作用。
为什么会发生这种情况?如何解决?
3条答案
按热度按时间s5a0g9ez1#
一个丢失的证书包,在这里阅读更多关于它的信息https://curl.haxx.se/docs/sslcerts.html,但TL;灾难恢复是下载https://curl.haxx.se/ca/cacert.pem并运行
8fq7wneg2#
将CA中间证书连接到域证书中
目录中间件. crt〉〉域名.crt
SSL证书SSL/域名. crt;//你的nginx服务器块
jecbmhm33#
可能是服务器配置错误。他们使用了错误的证书文件(例如,cert.pem而不是fullchain.pem)。例如,如果你使用“Let 's encrypt”CA和python的ssl.wrap_socket,你应该这样写
如果firefox打开了服务器,而您无法更改服务器配置,必须使用curl,
1.然后通过firefox下载fullchain.pem(安全-〉查看证书-〉其他-〉下载PEM链)
1.现在你可以使用 curl 与此链。