curl: (60) SSL certificate problem

已于 2025-02-21 19:07:15 修改
阅读量1.3w 收藏 10
点赞数 3
分类专栏: Ubuntu Linux - Desktop Server 文章标签: curl SSL certificate
于 2019-07-21 17:00:09 首次发布
世上没有白读的书,每一页都算数。
本文链接:https://blog.csdn.net/chengyq116/article/details/96735861
版权
本文介绍了解决curl在下载过程中遇到的各种SSL证书问题的方法,包括使用-k或--insecure参数跳过验证、更新证书存储、配置环境变量等,并提供了一个实际案例。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

curl: {60} SSL certificate problem

1. curl: (60) SSL certificate problem

1.1. curl: (60) server certificate verification failed.

strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ bash ./download-models.sh 
Downloading pretrained models...

curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$

1.2. curl: (60) SSL certificate problem: unable to get local issuer certificate

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.

1.3. curl: (60) SSL certificate problem: Invalid certificate chain

curl: (60) SSL certificate problem: Invalid certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

1.4. curl: (60) Peer certificate cannot be authenticated with known CA certificates

curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

2. 添加 -k--insecure 参数来跳过 SSL 证书验证

If you’d like to turn off curl’s verification of the certificate, use the -k (or --insecure) option.
-k, --insecure 参数设置跳过 SSL 检测,不检查服务器的 SSL 证书是否正确。

yongqiang@yongqiang:~$ man curl

-k, --insecure

(TLS) By default, every SSL connection curl makes is verified to be secure. This option allows curl to proceed and operate even for server connections otherwise considered insecure.
(TLS) 默认情况下,curl 建立的每个 SSL 连接都经过验证是安全的。即使对于其它被认为不安全的服务器连接,此选项也允许 curl 继续进行和操作。

The server connection is verified by making sure the server’s certificate contains the right name and verifies successfully using the cert store.

yongqiang@yongqiang:~$ curl -k https://www.baidu.com
yongqiang@yongqiang:~$ curl --insecure https://www.baidu.com

2.1. SSL Certificate Verification

https://curl.se/docs/sslcerts.html

SSL is the old name. It is called TLS these days.

Tell libcurl to not verify the peer. With libcurl you disable this with curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);

With the curl command line tool, you disable this with -k/--insecure.

Experimentally Defined Convolutional Neural Network Architecture Variants for Non-temporal Real-time Fire Detection
https://github.com/tobybreckon/fire-detection-cnn

################################################################################

# model downloader / unpacker - (c) 2018 Toby Breckon, Durham University, UK

################################################################################

URL_MODELS=https://collections.durham.ac.uk/downloads/r19880vq98m
MODEL_DIR_LOCAL_TARGET=models

MODELS_FILE_NAME=dunnings-2018-fire-detection-pretrained-models.zip
MODELS_DIR_NAME_UNZIPPED=dunnings-2018-fire-detection-pretrained-models
MODELS_MD5_SUM=98815a8594a18f1cafb3e87af8f9b0f1

################################################################################

# set this script to fail on error

set -e

# check for required commands to download and md5 check

(command -v curl | grep curl > /dev/null) ||
  (echo "Error: curl command not found, cannot download!")

(command -v md5sum | grep md5sum > /dev/null) ||
  (echo "Error: md5sum command not found, md5sum check will fail!")

################################################################################

# perform download

echo "Downloading pretrained models..."

mkdir -p $MODEL_DIR_LOCAL_TARGET

MODELS=./$MODEL_DIR_LOCAL_TARGET/$MODELS_FILE_NAME

curl --progress-bar $URL_MODELS > $MODELS -k

################################################################################

# perform md5 check and move to required local target directory

cd $MODEL_DIR_LOCAL_TARGET

echo "checking the MD5 checksum for downloaded models..."

CHECK_SUM_CHECKPOINTS="$MODELS_MD5_SUM  $MODELS_FILE_NAME"

echo $CHECK_SUM_CHECKPOINTS | md5sum -c

echo "Unpacking the zip file..."

unzip -q $MODELS_FILE_NAME

echo "Tidying up..."

mv $MODELS_DIR_NAME_UNZIPPED/* .

rm $MODELS_FILE_NAME && rm -r $MODELS_DIR_NAME_UNZIPPED

cd ..

################################################################################

# tlearn format specific - create checkpoint path files to enable conversion to pb format

echo "model_checkpoint_path: \"firenet\"" > $MODEL_DIR_LOCAL_TARGET/FireNet/checkpoint
echo "all_model_checkpoint_paths: \"firenet\"" >> $MODEL_DIR_LOCAL_TARGET/FireNet/checkpoint

echo "model_checkpoint_path: \"inceptiononv1onfire\"" > $MODEL_DIR_LOCAL_TARGET/InceptionV1-OnFire/checkpoint
echo "all_model_checkpoint_paths: \"inceptiononv1onfire\"" >> $MODEL_DIR_LOCAL_TARGET/InceptionV1-OnFire/checkpoint

echo "model_checkpoint_path: \"sp-inceptionv1onfire\"" > $MODEL_DIR_LOCAL_TARGET/SP-InceptionV1-OnFire/checkpoint
echo "all_model_checkpoint_paths: \"sp-inceptionv1onfire\"" >> $MODEL_DIR_LOCAL_TARGET/SP-InceptionV1-OnFire/checkpoint

################################################################################

echo "... completed -> required models are in $MODEL_DIR_LOCAL_TARGET/"

################################################################################

strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ bash ./download-models.sh 
Downloading pretrained models...
######################################################################## 100.0%
checking the MD5 checksum for downloaded models...
dunnings-2018-fire-detection-pretrained-models.zip: OK
Unpacking the zip file...
Tidying up...
... completed -> required models are in models/
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$

3. Updating /etc/ssl/certs

sudo update-ca-certificates

strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ sudo update-ca-certificates
[sudo] password for strong: 
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

done.
done.
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ 
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ bash ./download-models.sh
......

date / date -R

检查你的系统时钟,date / date -R。如果不正确,证书检查将失败。

strong@foreverstrong:~$ date
Sun Jul 21 16:53:57 CST 2019
strong@foreverstrong:~$ 
strong@foreverstrong:~$ date -R
Sun, 21 Jul 2019 16:55:09 +0800
strong@foreverstrong:~$

4. export GIT_SSL_NO_VERIFY=1

关闭系统的安全认证,然后再次下载。

export GIT_SSL_NO_VERIFY=1
or
git config --global http.sslverify false

strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ export GIT_SSL_NO_VERIFY=1
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ 
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ bash ./download-models.sh
......

References

[1] Yongqiang Cheng, https://yongqiang.blog.csdn.net/
[2] curl - transfer a URL, https://blog.csdn.net/chengyq116/article/details/96736356

PHP curl出现SSL certificate problem: self signed certificate in certificate chain
Dove言和
12-03 3159
使用PHP curl请求https的时候出现错误“SSL certificate problem: self signed certificate in certificate chain”,这种情况是无法验证客户端根证书导致,解决办法如下。 方法一 忽略证书验证,在curl方法中添加以下代码即可。 function httpRequest($sUrl, $aHeader, $aData)...
SSL certificate problem: unable to get local issuer certificate【鸿蒙报错已解决】
一键难忘的博客
05-01 4267
SSL certificate problem: unable to get local issuer certificate【鸿蒙报错已解决】最近也是遇到了这个问题,看到网上也有人在询问这个问题,本文总结了自己和其他人的解决经验,解决了【SSL certificate problem: unable to get local issuer certificate】的问题。导入Sample时,导入失败,提示“SSL certificate problem: unable to get local issue
curl证书过期_cURL错误60SSL证书问题:证书已过期
weixin_30284287的博客
01-12 4144
We running 2 application on amazon ec2 (backend.abc.com & frontend.abc.com). For that application, we used a paid SSL Certificate. That certificate expiration date at 2021 June. But today, we got ...
windows:curl: (60) schannel: SEC_E_UNTRUSTED_ROOT (0x80090325)
最新发布
m0_54355172的博客
03-07 763
很操蛋的问题,下班更新一下Windows11,起床一看,拉不了代码了
PHP CURL HTTPS报错SSL certificate problem: unable to get local issuer certificate
small_whale的博客
12-24 788
起因:本地调用java接口返回无数据,但测试环境却是有数据的。 调试过程如下: 1,curl_getinfo—获取一个cURL连接资源句柄的信息。 Array ( [url] => https://grapserver.linkstars.com/goods/getSearch [content_type] => [http_code] =>...
cURL error 60: SSL certificate problem...
热门推荐
buer2202的博客
07-19 1万+
php在curl的时候报此错误:cURL error 60: SSL certificate problem: unable to get local issuer certificate (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)根据报错后面提示的地址查询60错误:CURLE_SSL_CACERT (60) Peer certif
curl: (60) SSL certificate problem: self-signed certificate in certificate chain解决
simpleGq的专栏
11-20 1万+
1. `curl: (60) SSL certificate problem: self-signed certificate in certificate chain ` 2. `python requests`调用`api`报错: (`Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certifi
curl: (60) SSL certificate problem: unable to get local issuer certificate 错误
weixin_34206899的博客
05-20 672
  今天同事做微信管理的项目,请求接口返回如下错误SSL certificate problem: unable to get local issuer certificate。   此问题的出现是由于没有配置信任的服务器HTTPS验证。默认,cURL被设为不信任任何CAs,就是说,它不信任任何服务器验证。因此,这就是浏览器无法通过HTTPs访问你服务器的原因。   解决此报错有2种处理方法 ...
CURL error 60: SSL certificate problem: certificate has expired
json_li的博客
02-17 4622
项目使用guzzleHttp做的一个接口,报错:certificate has expired 因为在linux centos环境与window环境有所不同,在此记录一下解决过程。
【PHP、SSL、证书】报cURL error 60: SSL certificate problem的证书问题解决
12-22
PHP本地环境在调用第三方接口有时会出现cURL error 60: SSL certificate problem: unable to get local issuer certificate的错误提示,这边提供如下解决方案: 1、下载资源,并解压 2、将pem文件放于指定目录下,...
curl: (60) SSL certificate problem: self signed certificate
08-24
当你看到`curl: (60) SSL certificate problem: self-signed certificate`的错误信息时,意味着`curl`在尝试通过HTTPS连接时遇到了一个自我签名的证书。自我签名证书是由网站本身生成的,而不是由公认的第三方认证...
curl支持ssl错误:curl: (60) SSL certificate problem: certificate is not yet valid
gmq_syy的博客
10-21 830
在测试curl命令的时候发现curl: (60) SSL certificate problem: certificate is not yet valid出现这个错误,已经设置了ssl证书路径,最终发现是板子上时间不对,设置时间后可以正常使用。
cURL error 60: SSL certificate problem: unable to get local issuer certificate 解决方法
netuser1937的博客
03-25 3206
cURL error 60: SSL certificate problem: unable to get local issuer certificate 解决方法
cURL error 60: SSL certificate problem: unable to get local issuer certifica
yang_yun_hao的博客
05-30 1839
经查询查到:此问题的出现是由于没有配置信任的服务器HTTPS验证。默认,cURL被设为不信任任何CAs,就是说,它不信任任何服务器验证。因此,这就是浏览器无法通过HTTPs访问你服务器的原因。打开php.ini 搜索curl.cainfo 与 openssl.cafile,将其配置成你自己cacert.pem文件的路径。openssl.cafile="cacert.pem路径"curl.cainfo="cacert.pem路径 "将下载好的文件放到自己的文件目录下。重启phpStudy就好了。
curl: (60) SSL certificate problem: certificate has expired终极解决方案
qq_38731735的博客
10-16 4513
问题: root@ubuntu-64bit:/home/work/avs_project/build# curl -I https://nghttp2.org/ -v * Trying 139.162.123.134... * TCP_NODELAY set * Connected to nghttp2.org (139.162.123.134) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection:
关于curl发送请求报错证书问题:curl: (60) SSL certificate problem: unable to get local issuer certificate
changzhen5616的博客
12-15 1662
php curl 发送https请求报错问题
解决下载数据集报错: curl: (60) SSL certificate problem: certificate has expired
wlher的博客
07-16 7237
问题描述:运行pointnet2时在线下载modelnet数据集(链接如下)https://shapenet.cs.stanford.edu/media/modelnet40_normal_resampled.zip curl提示缺少证书认证 curl: (60) SSL certificate problem: certificate has expired More details here: https://curl.haxx.se/docs/sslcerts.html 修改方法:在curl
cURL error 60: SSL certificate problem: unable to get local issuer certifica 解决
1193379199的博客
04-11 2089
1.到 https://curl.haxx.se/ca/cacert.pem 下载证书文件 cacert.pem,将其保存到 PHP 安装路径下。打开php.ini 搜索curl.cainfo 与 openssl.cafile,将其配置成你自己cacert.pem文件的路径。从 https://curl.haxx.se/docs/caextract.html 上下载cacert.pem。2、把文件放到下面目录中,也就是 php.ini 同级目录的 ./extras/ssl下。
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

Yongqiang Cheng

梦想不是浮躁,而是沉淀和积累。

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值