# yum info ca-certificates
# rpm -ql ca-certificates
# rpm -ql ca-certificates | grep "crt"
tls-ca-bundle.pem 内各个证书的头尾格式:
BEGIN CERTIFICATE &END CERTIFICATE
ca-bundle.trust.crt 内各个证书的头尾格式:
BEGIN TRUSTED CERTIFICATE &END TRUSTED CERTIFICATE
/etc/pki/tls/certs/ca-bundle.crt 文件存储了各大证书颁发证的根证书交叉文件。
curl 访问https网站时,会比对这个文件里的根证书。如果这个文件过老,那就是有新的根证书未加入到这个文件里,导致curl无法正常访问https网站。
所以,你要么更新这个包(文件),要么可以选择手动添加证书进去,当然,你可以使用 curl -k 跳过证书验证。
更新最新证书:
https://curl.se/ca/cacert.pem
对CentOS7.x而言,手动添加证书信任:
获取服务端证书 X.crt
# cp X.crt /etc/pki/ca-trust/source/anchors/
# update-ca-trust
# cat /etc/pki/ca-trust/README
# man update-ca-trust >update-ca-trust.txt
SSL Certificate Verification
https://curl.se/docs/sslcerts.html
Managing TLS and trusted CA certificates
https://docs.pexip.com/admin/certificate_management.htm
SSL and SSL Certificates Explained For Beginners
http://www.steves-internet-guide.com/ssl-certificates-explained/
Adding trusted root certificates to the server
https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html
How to add Certificate Authority file in CentOS 7
https://stackoverflow.com/questions/37043442/how-to-add-certificate-authority-file-in-centos-7
一、安装apache,已安装略过。未安装的看这篇文章 centOS7-安装apache+php 。二、安装Apache支持SSL/TLS
yum install mod_ssl openssl
三、编辑SSL配置文件
vi /etc/httpd/conf.d/ssl.conf
四、创建CA证书、CA证书签名
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)