欢迎报读宜宾电大本科专科
张老师咨询电话:18096239786

巧妙解决WGET/CURL故障——CA证书不可信

Linux操作系统下有三宝:WGET、CURL、Aria2,他们统统都是用来下载文件的神器。可是偏偏有这么一种故障,他让我们如鲠在喉,他就是——ERROR: The certificate of is not trusted

究其原因,还是因为互联网实在太庞大、太冗杂,为了数据的传输安全,我们使用到一个新的技术——超文本传输安全协议。

超文本传输协议HTTPS,是HTTP Over TLS 的一个缩写,HTTPS经由HTTP进行传输通讯,其中利用到了SSL/TLS对数据包加密,以及CA证书技术,保证了数据传输的安全。

但是,偏偏有这么一种情况——服务器运行的是较旧的软件操作系统,无法识读新的CA证书,这时再次执行下载命令的时候,就会出现如下报错:

Shell

[root@localhost ~]# wget https://soft.mengclaw.com/TestFile/5MB.Test
–2018-06-01 15:18:59– https://soft.mengclaw.com/TestFile/5MB.Test
Resolving soft.mengclaw.com… 89.208.252.123
Connecting to soft.mengclaw.com|89.208.252.123|:443… connected.
ERROR: cannot verify soft.mengclaw.com’s certificate, issued by `/C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority X3′:
Unable to locally verify the issuer’s authority.
ERROR: certificate common name `www.cnfurry.com’ doesn’t match requested host name `soft.mengclaw.com’.
To connect to soft.mengclaw.com insecurely, use `–no-check-certificate’.
Unable to establish SSL connection.

[root@localhost ~]# wget https://soft.mengclaw.com/TestFile/5MB.Test
–2018-06-01 15:18:59– https://soft.mengclaw.com/TestFile/5MB.Test
Resolving soft.mengclaw.com… 89.208.252.123
Connecting to soft.mengclaw.com|89.208.252.123|:443… connected.
ERROR: cannot verify soft.mengclaw.com’s certificate, issued by `/C=US/O=Let’s Encrypt/CN=Let’s Encrypt Authority X3′:
Unable to locally verify the issuer’s authority.
ERROR: certificate common name `www.cnfurry.com’ doesn’t match requested host name `soft.mengclaw.com’.
To connect to soft.mengclaw.com insecurely, use `–no-check-certificate’.
Unable to establish SSL connection.
这时我们就要祭出大宝贝(咳咳),我们就要用到一个神秘的软件包:CA-Certificates

前提条件:
操作系统:CentOS6+/Debian7+/Ubuntu12+

1、以root账户登陆,防止系统过于精简,先更新系统软件源 :

Shell

yum update -y
# CentOS系统 用这个

apt-get update -y
# Debian/Ubuntu系统 用这个

yum update -y
# CentOS系统 用这个

apt-get update -y
# Debian/Ubuntu系统 用这个
2、安装CA-Certificates

Shell

yum install -y ca-certificates
# CentOS系统 用这个

apt-get install -y ca-certificates
# Debian/Ubuntu系统 用这个

yum install -y ca-certificates
# CentOS系统 用这个

apt-get install -y ca-certificates
# Debian/Ubuntu系统 用这个
3、安装结束,再次下载文件测试:

Shell

[root@localhost ~]# https://soft.mengclaw.com/TestFile/5MB.Test
-bash: https://soft.mengclaw.com/TestFile/5MB.Test: No such file or directory
[root@CT811 ~]# wget https://soft.mengclaw.com/TestFile/5MB.Test
–2018-06-01 08:46:25– https://soft.mengclaw.com/TestFile/5MB.Test
Resolving soft.mengclaw.com… 89.208.252.123
Connecting to soft.mengclaw.com|89.208.252.123|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 5242880 (5.0M) [application/octet-stream]
Saving to: `5MB.Test’

100%[===================================================================>] 5,242,880 998K/s in 5.1s

2018-06-01 08:46:30 (1003 KB/s) – `5MB.Test’ saved [5242880/5242880]

[root@localhost ~]# https://soft.mengclaw.com/TestFile/5MB.Test
-bash: https://soft.mengclaw.com/TestFile/5MB.Test: No such file or directory
[root@CT811 ~]# wget https://soft.mengclaw.com/TestFile/5MB.Test
–2018-06-01 08:46:25– https://soft.mengclaw.com/TestFile/5MB.Test
Resolving soft.mengclaw.com… 89.208.252.123
Connecting to soft.mengclaw.com|89.208.252.123|:443… connected.
HTTP request sent, awaiting response… 200 OK
Length: 5242880 (5.0M) [application/octet-stream]
Saving to: `5MB.Test’

100%[===================================================================>] 5,242,880 998K/s in 5.1s

2018-06-01 08:46:30 (1003 KB/s) – `5MB.Test’ saved [5242880/5242880]
测试通过,问题解决。

本文原创,允许转载。转载请注明出处,谢谢!本文链接:https://www.mengclaw.com/2018/06/02/166/
版权所有©2018萌爪实验室

赞(0) 打赏
未经允许不得转载:逐渐学法的博客 » 巧妙解决WGET/CURL故障——CA证书不可信
分享到: 更多 (0)

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

逐渐学法的博客

逐渐学法的博客-这是宜宾电大张老师的博客,分享法学和计算机的文章。一起学习交流可以联系 18096239786,谢谢!——by 逐渐学法宜宾电大最新招生简章点这里