curl: (60) SSL certificate problem

1. Issues

1.1. curl: (60) server certificate verification failed.

strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ bash ./download-models.sh 
Downloading pretrained models...

curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$

1.2. curl: (60) SSL certificate problem: unable to get local issuer certificate

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.

1.3. curl: (60) SSL certificate problem: Invalid certificate chain

curl: (60) SSL certificate problem: Invalid certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

1.4. curl: (60) Peer certificate cannot be authenticated with known CA certificates

curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

2. Add the -k / --insecure option to skip SSL certificate verification

If you’d like to turn off curl’s verification of the certificate, use the -k (or --insecure) option.
-k, --insecure tells curl to skip the SSL check, so it does not verify whether the server's SSL certificate is valid.

yongqiang@yongqiang:~$ man curl

-k, --insecure:
(TLS) By default, every SSL connection curl makes is verified to be secure. This option allows curl to proceed and operate even for server connections otherwise considered insecure.

The server connection is verified by making sure the server’s certificate contains the right name and verifies successfully using the cert store.

yongqiang@yongqiang:~$ curl -k https://www.baidu.com
yongqiang@yongqiang:~$ curl --insecure https://www.baidu.com

2.1. SSL Certificate Verification

https://curl.se/docs/sslcerts.html
SSL is the old name. It is called TLS these days.

Tell libcurl to not verify the peer. With libcurl you disable this with curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);

With the curl command line tool, you disable this with -k/--insecure.

################################################################################

# model downloader / unpacker - (c) 2018 Toby Breckon, Durham University, UK

################################################################################

URL_MODELS=https://collections.durham.ac.uk/downloads/r19880vq98m
MODEL_DIR_LOCAL_TARGET=models

MODELS_FILE_NAME=dunnings-2018-fire-detection-pretrained-models.zip
MODELS_DIR_NAME_UNZIPPED=dunnings-2018-fire-detection-pretrained-models
MODELS_MD5_SUM=98815a8594a18f1cafb3e87af8f9b0f1

################################################################################

# set this script to fail on error

set -e

# check for required commands to download and md5 check

(command -v curl | grep curl > /dev/null) ||
  (echo "Error: curl command not found, cannot download!")

(command -v md5sum | grep md5sum > /dev/null) ||
  (echo "Error: md5sum command not found, md5sum check will fail!")

################################################################################

# perform download

echo "Downloading pretrained models..."

mkdir -p $MODEL_DIR_LOCAL_TARGET

MODELS=./$MODEL_DIR_LOCAL_TARGET/$MODELS_FILE_NAME

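# -k (--insecure) skips certificate verification for this download;
# the MD5 check below is then the only check on the file's content
curl --progress-bar $URL_MODELS > $MODELS -k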

################################################################################

# perform md5 check and move to required local target directory

cd $MODEL_DIR_LOCAL_TARGET

echo "checking the MD5 checksum for downloaded models..."

CHECK_SUM_CHECKPOINTS="$MODELS_MD5_SUM  $MODELS_FILE_NAME"

echo $CHECK_SUM_CHECKPOINTS | md5sum -c

echo "Unpacking the zip file..."

unzip -q $MODELS_FILE_NAME

echo "Tidying up..."

mv $MODELS_DIR_NAME_UNZIPPED/* .

rm $MODELS_FILE_NAME && rm -r $MODELS_DIR_NAME_UNZIPPED

cd ..

################################################################################

# tlearn format specific - create checkpoint path files to enable conversion to pb format

echo "model_checkpoint_path: \"firenet\"" > $MODEL_DIR_LOCAL_TARGET/FireNet/checkpoint
echo "all_model_checkpoint_paths: \"firenet\"" >> $MODEL_DIR_LOCAL_TARGET/FireNet/checkpoint

echo "model_checkpoint_path: \"inceptiononv1onfire\"" > $MODEL_DIR_LOCAL_TARGET/InceptionV1-OnFire/checkpoint
echo "all_model_checkpoint_paths: \"inceptiononv1onfire\"" >> $MODEL_DIR_LOCAL_TARGET/InceptionV1-OnFire/checkpoint

echo "model_checkpoint_path: \"sp-inceptionv1onfire\"" > $MODEL_DIR_LOCAL_TARGET/SP-InceptionV1-OnFire/checkpoint
echo "all_model_checkpoint_paths: \"sp-inceptionv1onfire\"" >> $MODEL_DIR_LOCAL_TARGET/SP-InceptionV1-OnFire/checkpoint

################################################################################

echo "... completed -> required models are in $MODEL_DIR_LOCAL_TARGET/"

################################################################################
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ bash ./download-models.sh 
Downloading pretrained models...
######################################################################## 100.0%
checking the MD5 checksum for downloaded models...
dunnings-2018-fire-detection-pretrained-models.zip: OK
Unpacking the zip file...
Tidying up...
... completed -> required models are in models/
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$

3. Updating /etc/ssl/certs

sudo update-ca-certificates

strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ sudo update-ca-certificates
[sudo] password for strong: 
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

done.
done.
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ 
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ bash ./download-models.sh
......

date / date -R
Check your system clock with date / date -R. If it is wrong, certificate verification will fail.

strong@foreverstrong:~$ date
Sun Jul 21 16:53:57 CST 2019
strong@foreverstrong:~$ 
strong@foreverstrong:~$ date -R
Sun, 21 Jul 2019 16:55:09 +0800
strong@foreverstrong:~$

4. export GIT_SSL_NO_VERIFY=1

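Turn off git's SSL certificate verification, then download again. Both settings below are read by git only and apply to its HTTPS operations.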

export GIT_SSL_NO_VERIFY=1
or
git config --global http.sslverify false

strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ export GIT_SSL_NO_VERIFY=1
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ 
strong@foreverstrong:~/venv/tensorflow_work/fire-detection-cnn$ bash ./download-models.sh
......
