问题:
root@ubuntu-64bit:/home/work/avs_project/build# curl -I https://nghttp2.org/ -v
* Trying 139.162.123.134...
* TCP_NODELAY set
* Connected to nghttp2.org (139.162.123.134) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (OUT), TLS alert, certificate expired (557):
* SSL certificate problem: certificate has expired
* Closing connection 0
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
解决方案:
curl -k https://curl.se/ca/cacert.pem > cacert.pem
apt-get install ca-certificates openssl x509 -outform der -in
cacert.pem -out cacert.crt cp cacert.crt
/usr/local/share/ca-certificates/ update-ca-certificates
其他选项:
sed -i ‘s/mozilla/DST_Root_CA_X3.crt/!mozilla/DST_Root_CA_X3.crt/g’
/etc/ca-certificates.conf update-ca-certificates