curl一个http报错如下:
curl: (60) SSL certificate problem, verify that the CA cert isOK. Details:
error:14090086:SSLroutines:SSL3_GET_SERVER_CERTIFICATE:certificate verifyfailed
More details here:http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a”bundle”
of Certificate Authority (CA) public keys(CA certs). The default
bundle is named curl-ca-bundle.crt; you canspecify an alternate file
using the –cacert option.
If this HTTPS server uses a certificate signed by a CArepresented in
the bundle, the certificate verificationprobably failed due to a
problem with the certificate (it might beexpired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of thecertificate, use
the -k (or –insecure) option.
上网络找了半天原来是本地CA证书太老了
https://raymii.org/s/snippets/CentOS_5_CA_Certificate_Bundle_Update.html
然后下载本地做了下测试:curl https://xxxx –cacert/etc/pki/tls/certs/ca-bundle.crt.test
报错:
curl: (35) error:0D0C50A1:asn1 encodingroutines:ASN1_item_verify:unknown message digest algorithm
一查原来是本地openssl版本太低不认识新版的CA好吧。。
最后还是代码里面加上了CURLOPT_SSL_VERIFYPEER =false
安静了
服务器太老了(centos 5.4),还在线服务不能随便动。。