Peer certificate cannot be authenticated with given CA certificates

I am running Alma Linux 8.8 and cannot install the package. I get Peer certificate cannot be authenticated with given CA certificates. I have updated all packages with dnf update, but the error persists.

google-chrome                                                                                                                  0.0  B/s |   0  B     00:00
Errors during downloading metadata for repository 'google-chrome':
  - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml [SSL certificate problem: unable to get local issuer certificate]
Error: Failed to download metadata for repo 'google-chrome': Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried

I tried downloading the certificate bundle from https://curl.se/ca/cacert-2023-08-22.pem, but it still seems unable to get the issuer.

[autoit@vmhost-n88 ~]$ openssl s_client -connect dl.google.com:443 -CAfile cacert-2023-08-22.pem
CONNECTED(00000003)
depth=0 CN = *.google.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = *.google.com
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = *.google.com
verify return:1

I have copied the CA bundle from a system that is known to work with Google, but I still get unable to get local issuer certificate. Below is the result for the certificate on an AlmaLinux 8.6 system:

$ openssl s_client -connect dl.google.com:443 -CAfile tls-ca-bundle.pem
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1

Why does the same certificate not work on AlmaLinux 8.8 but work on AlmaLinux 8.6?

I tried manually downloading the RPM and skipping the check, but got:

$ wget --no-check-certificate https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
--2023-09-08 11:19:15--  https://dl.google.com/linux/direct/google-chrome-stable_current_x86_64.rpm
Resolving dl.google.com (dl.google.com)... 142.250.70.238, 2404:6800:4015:803::200e
Connecting to dl.google.com (dl.google.com)|142.250.70.238|:443... connected.
WARNING: The certificate of ‘dl.google.com’ is not trusted.
WARNING: The certificate of ‘dl.google.com’ hasn't got a known issuer.
HTTP request sent, awaiting response... 307 Temporary Redirect
Location: https://172.29.200.254:8090/ips/block/webcat?cat=14&pl=1&lu=0&url=aHR0cHM6Ly9kbC5nb29nbGUuY29t [following]
--2023-09-08 11:19:16--  https://172.29.200.254:8090/ips/block/webcat?cat=14&pl=1&lu=0&url=aHR0cHM6Ly9kbC5nb29nbGUuY29t
Connecting to 172.29.200.254:8090... connected.
WARNING: The certificate of ‘172.29.200.254’ is not trusted.
WARNING: The certificate of ‘172.29.200.254’ hasn't got a known issuer.
The certificate's owner does not match hostname ‘172.29.200.254’
HTTP request sent, awaiting response... 403 Forbidden
2023-09-08 11:19:16 ERROR 403: Forbidden.
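
An added check, not part of the original post: the 307 response in the wget output points at a private (RFC 1918) address rather than at a Google host, and the script below flags such redirects in a saved wget log and decodes any base64 query value that holds the originally requested URL. The function names are hypothetical, and the embedded log lines are copied from the output above.

```python
import base64
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Two lines copied from the wget output in the post above.
WGET_LOG = """\
HTTP request sent, awaiting response... 307 Temporary Redirect
Location: https://172.29.200.254:8090/ips/block/webcat?cat=14&pl=1&lu=0&url=aHR0cHM6Ly9kbC5nb29nbGUuY29t [following]
"""


def decode_b64_url(value):
    """Return value base64-decoded if the result is an http(s) URL, else None."""
    try:
        padded = value + "=" * (-len(value) % 4)
        text = base64.urlsafe_b64decode(padded).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None  # not base64, or not text
    return text if text.startswith(("http://", "https://")) else None


def find_local_redirects(log):
    """Yield one finding per Location header whose host is a private,
    loopback or link-local IP literal instead of a public host name."""
    for match in re.finditer(r"^Location:\s*(\S+)", log, re.MULTILINE):
        parts = urlsplit(match.group(1))
        try:
            ip = ipaddress.ip_address(parts.hostname or "")
        except ValueError:
            continue  # redirect target is a host name, not an IP literal
        if not (ip.is_private or ip.is_loopback or ip.is_link_local):
            continue
        # Query values that decode to a URL name the request that was diverted.
        originals = [url for values in parse_qs(parts.query).values()
                     for url in map(decode_b64_url, values) if url]
        yield {"redirect_host": str(ip), "port": parts.port,
               "path": parts.path, "original_urls": originals}


if __name__ == "__main__":
    for finding in find_local_redirects(WGET_LOG):
        print(finding)
```

A redirect of this kind means the response came from a device on the local network, so the certificate chain presented for dl.google.com should be inspected (issuer and depth) before any CA bundle on the host is changed.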
