#yyds Practical Tips Roundup# Fixing expired CA certificate errors in wget, curl and similar tools

Posted by 峰啊疯了


1. Symptoms

wget https://download.ceph.com/rpm-mimic/el7/noarch/ceph-release-1-0.el7.noarch.rpm

The error log is as follows:

--2022-02-17 11:44:48--  https://download.ceph.com/rpm-mimic/el7/noarch/ceph-release-1-0.el7.noarch.rpm
Resolving download.ceph.com (download.ceph.com)... 158.69.68.124, 2607:5300:201:2000::3:58a1
Connecting to download.ceph.com (download.ceph.com)|158.69.68.124|:443... connected.
ERROR: cannot verify download.ceph.com's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
  Issued certificate has expired.
To connect to download.ceph.com insecurely, use `--no-check-certificate'.


2. Root cause analysis

The certificate has expired, so the download fails.
Add an environment variable to /etc/profile:
export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
source /etc/profile
Copy the ca-certificates.crt file from another machine:
scp root@192.168.103.48:/etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt


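3. Solution

First, copy the certificate file ca-certificates.crt from another environment.

After copying it, it turned out not to work.

Check whether the wget versions match: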

[root@ceph03 ~]# wget -V
GNU Wget 1.14 built on linux-gnu.

+digest +https +ipv6 +iri +large-file +nls +ntlm +opie +ssl/openssl

Wgetrc:
/etc/wgetrc (system)
Locale: /usr/share/locale
Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc"
-DLOCALEDIR="/usr/share/locale" -I. -I../lib -I../lib -O2 -g -pipe
-Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
Link: gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -lssl -lcrypto
/usr/lib64/libssl.so /usr/lib64/libcrypto.so /usr/lib64/libz.so
-ldl -lz -lz -lidn -luuid -lpcre ftp-opie.o openssl.o http-ntlm.o
../lib/libgnu.a

Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
Please send bug reports and questions to <bug-wget@gnu.org>.


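3.1 Bypassing certificate verification

Add the parameter:

--no-check-certificate (skip certificate verification; wget then connects insecurely, as its error message puts it)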

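--ca-certificate=FILE (specify the location of the certificate file)

The default certificate location is /etc/pki/tls/cert.pem

3.2 If the certificate cannot be bypassed, update the certificates

yum install -y ca-certificates   # install the certificates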


After the update, several files turned out to have changed: the certificates are controlled not by a single file but by several.
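
To see whether a local CA bundle such as /etc/pki/tls/cert.pem or /etc/ssl/certs/ca-certificates.crt itself contains expired certificates, each certificate in it can be checked individually. This is an added example, not code from the original post; expiring_in_bundle is a hypothetical helper name, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: list the certificates inside a CA bundle that are expired
# or will expire within a given number of seconds.
# expiring_in_bundle is a hypothetical helper name, not part of wget or curl.
# Usage: expiring_in_bundle BUNDLE [SECONDS]   (SECONDS=0: already expired)
expiring_in_bundle() {
    bundle=$1
    horizon=${2:-0}
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }
    tmp=$(mktemp -d) || return 2

    # "openssl x509" only reads the first certificate in a file, so split
    # the bundle into one PEM file per certificate first.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/%05d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"

    for pem in "$tmp"/*.pem; do
        [ -e "$pem" ] || continue      # bundle contained no certificates
        # Skip blocks that do not parse as a certificate.
        openssl x509 -in "$pem" -noout 2>/dev/null || continue
        # -checkend exits non-zero when the certificate expires within
        # $horizon seconds (0 means it has already expired).
        if ! openssl x509 -in "$pem" -noout -checkend "$horizon" >/dev/null 2>&1; then
            # One output line per certificate: subject, then notAfter date.
            openssl x509 -in "$pem" -noout -subject -enddate | paste -s -d ' ' -
        fi
    done
    rm -rf "$tmp"
}

# Run directly, e.g.: sh check_bundle.sh /etc/pki/tls/cert.pem 0
if [ "$#" -gt 0 ]; then
    expiring_in_bundle "$@"
fi
```

Empty output with a horizon of 0 means no certificate in that bundle has expired.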
