curl:(60)无法识别对等方的证书颁发者

hmae6n7t  于 2022-11-13  发布在  其他
关注(0)|答案(5)|浏览(244)

我正在尝试按照“.NET Tutorial - Hello World in 5 minutes“中的说明在Centos 7上安装.net Core SDK 2. 0. 0。
当我运行第一个命令时

sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc

我得到这个错误:

curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
error: https://packages.microsoft.com/keys/microsoft.asc: import read failed(2)

我在一个公司代理后面,似乎这个错误与SSL证书和curl有关,但我不知道如何修复它。
此外,当我使用curl或wget下载HTTPS URL时,也会出现类似的错误。

aiqt4smr

aiqt4smr1#

我有同样的问题,然后只是暂时关闭了SSL检查,并安装了软件包。但请注意,这是绕过一个安全措施,所以谨慎使用。

sudo vi /etc/yum.conf

然后在编辑器中添加以下行

sslverify=false
pgccezyw

pgccezyw2#

终于修好了。把答案贴在这里作为参考。

  • 获取公司受信任根证书的副本
  • 如果不是PEM格式,请转换它。(例如,对于DER,请运行openssl x509 -in xxx.cer -inform der -outform pem -out xxx.pem
  • 安装ca-certificates软件包:yum install ca-certificates
  • 启用动态CA配置功能:update-ca-trust force-enable
  • 将根证书放在/etc/pki/ca-trust/source/anchors/
  • 运行update-ca-trust extract,将root添加到系统的受信任证书中

参考文献:
https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them
http://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html

zte4gxcn

zte4gxcn3#

请检查您的服务器是否具有有效的代理设置。

j91ykkif

j91ykkif4#

我使用的自签名SSL证书已经过期,所以在Cent OS 7上,我运行下面的命令,但将天数从-days 365增加到-days 1400,这大约是4年的保证。

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

您可以在“How To Create an SSL Certificate on Apache for CentOS 7“中找到更多信息。

elcex8rz

elcex8rz5#

cd /etc/pki/ca-trust/extracted/pem
mv tls-ca-bundle.pem tls-ca-bundle.pem.back
wget --no-check-certificate https://curl.se/ca/cacert.pem
mv cacert.pem tls-ca-bundle.pem

相关问题