更新凭证

Ubuntu SSL 更新凭证常用指令

在执行 curl 的时候,主机喷出 server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt 凭证过期的错误讯息,此时需要重新更新主机凭证资讯

$ curl https://www.google.com
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn\'t adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you\'d like to turn off curl\'s verification of the certificate, use
 the -k (or --insecure) option.

更新主机套件

因为主机套件没有更新的话,抓取的凭证资料可能还会是旧的凭证,所以在更新凭证之前要先更新主机套件版本

sudo apt-get update

更新主机凭证

更新完主机套件后,就可以重新安装凭证套件程式,让主机抓取最新的凭证

sudo apt-get install --reinstall ca-certificates

若套件已是最新的,要直接更新凭证,可以使用下列指令直接更新即可

sudo update-ca-certificates

参考资料