我使用 curl 发起 https 请求来下载文件。我使用了以下命令:
curl -v -o 输出.pdf https://otherdomain.com/upload/manual-8mm-f35-csii-vdslr-5.pdf
我得到的结果是:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 184.106.55.122...
* TCP_NODELAY set
* Connected to otherdomain.com (184.106.55.122) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Server certificate:
* subject: CN=www.otherdomain.com
* start date: Aug 01 00:00:00 2018 GMT
* expire date: Jul 31 12:00:00 2020 GMT
* common name: www.otherdomain.com
* issuer: CN=RapidSSL RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
* NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)
* Peer's Certificate issuer is not recognized.
* stopped the pause stream!
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (60) Peer's Certificate issuer is not recognized.
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
知道问题是什么以及如何解决它吗?
答案1
问题出在你尝试访问的网站上。他们似乎TLS 配置错误在他们的网站上。特别是,他们没有发送名为“RapidSSL RSA CA 2018”的中间证书,而他们本应将其包含在 Web 服务器配置中。
该网站的 TLS 设置显然还存在许多其他问题。
您无法修复他们的网络服务器,因为您无法控制它。但也许您可以联系那里的某个人,让他们知道他们的问题。
您可以使用该选项告诉 curl 忽略证书问题-k
,但您无法确定您正在与真正的网站对话。