Linux Centos 怎么安装更新根证书实现支持https访问

Linux Centos 怎么安装更新根证书实现支持https访问,第1张

其实很简单就是一个命令:

mozroots --import --ask-remove

或者使用:

sudo update-ca-certificates

# yum -y install ca-certificates

# yum info ca-certificates

# rpm -ql ca-certificates

# rpm -ql ca-certificates | grep "crt"

tls-ca-bundle.pem 内各个证书头尾格式:

BEGIN CERTIFICATE &END CERTIFICATE

ca-bundle.trust.crt 内各个证书的头尾格式:

BEGIN TRUSTED CERTIFICATE &END TRUSTED CERTIFICATE

/etc/pki/tls/certs/ca-bundle.crt 文件存储了各大证书颁发证的根证书交叉文件。

curl 访问https网站时,会比对这个文件里的根证书。如果这个文件过老,那就是有新的根证书未加入到这个文件里,导致curl无法正常访问https网站。

所以,你要么更新这个包(文件),要么可以选择手动添加证书进去,当然,你可以使用 curl  -k  跳过证书验证。

更新最新证书:

https://curl.se/ca/cacert.pem

对CentOS7.x而言,手动添加证书信任:

获取服务端证书 X.crt

# cp  X.crt  /etc/pki/ca-trust/source/anchors/

# update-ca-trust

# cat /etc/pki/ca-trust/README

# man update-ca-trust >update-ca-trust.txt

SSL Certificate Verification

https://curl.se/docs/sslcerts.html

Managing TLS and trusted CA certificates

https://docs.pexip.com/admin/certificate_management.htm

SSL and SSL Certificates Explained For Beginners

http://www.steves-internet-guide.com/ssl-certificates-explained/

Adding trusted root certificates to the server

https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html

How to add Certificate Authority file in CentOS 7

https://stackoverflow.com/questions/37043442/how-to-add-certificate-authority-file-in-centos-7


欢迎分享,转载请注明来源:内存溢出

原文地址: http://outofmemory.cn/bake/7935795.html

(0)
打赏 微信扫一扫 微信扫一扫 支付宝扫一扫 支付宝扫一扫
上一篇 2023-04-11
下一篇 2023-04-11

发表评论

登录后才能评论

评论列表(0条)

保存