当我尝试跟随 curl 时
devendermishra@myhost:~$ curl https://iam.endpoint.com
curl: (60) SSL certificate problem: self signed certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
但是,当我明确提到 ca 证书文件时,它可以正常工作。
devendermishra@myhost:~$ curl --cacert /etc/ssl/certs/ca-certificates.crt https://iam.endpoint.com
{"error": {"message": "Auth Signature not provided", "code": 401, "title": "Unauthorized"}}
CA 证书中的端点或安装存在什么问题?
答案1
我怀疑libcurl编译时没有查找该位置。您可以通过运行来显示 libcurl 使用的 CA 证书包的内置路径curl-config --ca。您还可以通过运行来显示构建时传递的参数curl-config --configure。我怀疑第一个命令将不返回任何内容(标志不存在且自动检测不起作用),而后面的命令将缺少预期的标志。
更多信息可以在这里找到: