dongzou1964 2015-05-26 22:28
浏览 94
已采纳

即使安装了捆绑包,也无法获得本地颁发者证书

I know something similar to this has already been asked around here but I think my problem is different. I'm trying to make a curl request to a propper SSL website (its not self-signed). I can set the options easily and even imported the CA certificate bundle to the right place. All fine and good I would hope but I'm still getting :

SSL certificate problem: unable to get local issuer certificate

I've looked around here and on google and can't seem to solve the issue. Here's my curl setup:

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.115 Safari/537.36');
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,2);
//curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_CERTINFO, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd()."/cookie_jar");
curl_setopt($ch, CURLOPT_HEADER, true);

$result = curl_exec($ch);

Edit2: Here's the verbose output as requested:

* Adding handle: conn: 0x3472770
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x3472770) send_pipe: 1, recv_pipe: 0
* About to connect() to www.caixagest.pt port 443 (#0)
*   Trying 195.234.134.196...
* Connected to www.caixagest.pt (195.234.134.196) port 443 (#0)
* error setting certificate verify locations:
  CAfile: C:\Winginx\ssl\certs\ca-bundle-old.crt
  CApath: none
* Closing connection 0


error setting certificate verify locations:
  CAfile: C:\Winginx\ssl\certs\ca-bundle-old.crt
  CApath: none
  • 写回答

1条回答 默认 最新

  • 普通网友 2015-05-27 04:34
    关注

    It's hard to say without having the URL, the curl version and compile options and the contents of your CA bundle but the most common cases are:

    • Server forgot to include important chain certificates. Look ot for "chain issues" and "extra download" when doing the analysis with SSLLabs.
    • Different trust path with the OpenSSL backend of curl. See https://stackoverflow.com/a/30068150/3081018 for details.
    • Old curl version which does not support SNI, so server sends the wrong certificate.

    More detailed help might be available with more information from you.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥50 ZYNQ7020双核FLAHS烧写的问题
  • ¥20 ue 5 中想要实现第一人称人物左右行走摆动的效果,摄像头只向右摆动一次(关键词-结点)
  • ¥15 钢岔管添加弹性约束模拟围岩作用
  • ¥15 AD9164瞬时带宽1.8G,怎么计算出来?
  • ¥15 鼠标右键,撤销删除 复制 移动,要怎样删除
  • ¥15 使用MATLAB进行余弦相似度计算加速
  • ¥15 服务器安装php5.6版本
  • ¥15 我想用51单片机和数码管做一个从0开始的计数表 我写了一串代码 但是放到单片机里面数码管只闪烁一下然后熄灭
  • ¥20 系统工程中,状态空间模型中状态方程的应用。请猛男来完整讲一下下面所有问题
  • ¥15 我想在WPF的Model Code中获取ViewModel Code中的一个参数