curl:(60)SSL证书:无法获取本地发行者证书

本文介绍了curl:(60)SSL证书:无法获取本地发行者证书的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

只需在我们的服务器上安装Comodo证书，(centos 5)https即可正常运行，而网站可通过https正常运行.但是我们的wordpress插件

Just installed a Comodo certificate on our server, (centos 5) https works fine, the website works fine with https. But one of our wordpress plugin

.htaccess 文件包含用于将url example/w3tc_rewrite_test 重写为 example/?w3tc_rewrite_test ，如果由插件处理，则返回确定"消息.该插件向 example/w3tc_rewrite_test 发出了请求，但收到了

.htaccess file contains rules to rewrite url example/w3tc_rewrite_test into example/?w3tc_rewrite_test which, if handled by plugin, return "OK" message. The plugin made a request to example/w3tc_rewrite_test but received:

SSL证书问题:无法获取本地颁发者证书

SSL certificate problem: unable to get local issuer certificate

而不是确定"响应.

执行命令: curl example 结果:

curl: (60) SSL certificate problem: unable to get local issuer certificate

在外部服务器上:

curl: (60) Peer certificate cannot be authenticated with known CA certificates

我已经下载了最新的ca证书，手动指向了php.ini中的crt/pem文件，但无济于事...

I already downloaded the latest ca certificates, manually pointed to the crt/pem file in php.ini all to no avail...

还将CA服务器证书更改为comodo提供的CAroot.

Also changed the CA server certificate to the CAroot that was supplied by comodo.

openssl s_client -connect example:443 CONNECTED(00000003) 28211:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188: openssl s_client -tls1 -connect example:443 CONNECTED(00000003) depth=0 /OU=Domain Control Validated/OU=PositiveSSL/CN=www.example verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /OU=Domain Control Validated/OU=PositiveSSL/CN=www.example verify error:num=27:certificate not trusted verify return:1 depth=0 /OU=Domain Control Validated/OU=PositiveSSL/CN=www.example verify error:num=21:unable to verify the first certificate verify return:1

推荐答案

使用 SSLLabs 解决问题，尤其是缺少链证书.至少您提到的网站 swedendedicated (在您进行最后编辑之前)存在严重问题:

Check your sites with SSLLabs for problems, especially missing chain certificates. At least the site swedendedicated you mentioned (before you did the last edit) has serious problems:

Chain issues Incomplete

因此，它将与大多数浏览器一起使用，这些浏览器可以缓存丢失的证书或下载丢失的证书.非浏览器通常不会缓存也不下载丢失的证书，因此会失败.

Thus it will work with most browsers which either have the missing certificate cached or will download the missing certificate. Non-Browsers will usually neither cache nor download missing certificates and thus will fail.

解决方法是重新配置服务器，以包括缺少的证书.如果您对如何执行此操作有疑问，请查看从证书提供商处获得的说明.如果这样不能解决问题，请访问serverfault.

The fix is to reconfigure your server to include the missing certificates. If you have questions how to do this look at the instructions you got from your certificate provider. If this does not help ask at serverfault.