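When I try to establish an email connection from my front-end application, I run into a problem on my Ubuntu server. The error message I receive is: "Verify return code: 21 unable to verify the first certificate." Running the command openssl s_client -connect stage-accountservice.easyfastnow.com:443 -tls1_2
shows the full error details: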
ccm@ccm:~$ openssl s_client -connect stage-accountservice.easyfastnow.com:443 -tls1_2
CONNECTED(00000003)
depth=0 CN = *.easyfastnow.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = *.easyfastnow.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:CN = *.easyfastnow.com
i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
---
Server certificate
subject=CN = *.easyfastnow.com
issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2294 bytes and written 326 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: C228641A9E1ABB5C8F26BBAEB1FCD7F39D764D273F4AC14843656EFC24A876B7
Session-ID-ctx:
Master-Key: 34A840B810A951641BC1DB850A0DC3437A3AA3ADC80509403B65AEA97BEABABF5A142907C6DC30C4C6181DAD5D064705
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
Start Time: 1704784668
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: yes
Interestingly, when I run the same command on a different Ubuntu server, it works fine, without any problems.