更新凭证
Ubuntu SSL 更新凭证常用指令
Categories:
在执行 curl 的时候,主机喷出 server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt
凭证过期的错误讯息,此时需要重新更新主机凭证资讯
$ curl https://www.google.com
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn\'t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you\'d like to turn off curl\'s verification of the certificate, use
the -k (or --insecure) option.
更新主机套件
因为主机套件没有更新的话,抓取的凭证资料可能还会是旧的凭证,所以在更新凭证之前要先更新主机套件版本
sudo apt-get update
更新主机凭证
更新完主机套件后,就可以重新安装凭证套件程式,让主机抓取最新的凭证
sudo apt-get install --reinstall ca-certificates
若套件已是最新的,要直接更新凭证,可以使用下列指令直接更新即可
sudo update-ca-certificates
参考资料
- 服务器证书验证失败CAfile:/etc/ssl/certs/ca certificates.crt CRLfile: 无_ssl-certificate_酷徒编程知识库
- 各系统更新 ca (root)根凭证的方法 – Mr. 沙先生