Guzzle Curl 错误 60 SSL 无法获取本地发行者
Posted
技术标签:
【中文标题】Guzzle Curl 错误 60 SSL 无法获取本地发行者【英文标题】:Guzzle Curl Error 60 SSL unable to get local issuer 【发布时间】:2014-09-15 09:53:08 【问题描述】:尝试使用 YouTube API v3 获取一些视频信息,在 Symfony2 中使用 Guzzle 并使用服务描述符。
当我运行脚本时,我得到了这个:
[curl] 60: SSL 证书问题:无法获取本地颁发者 证书 [网址] https://www.googleapis.com/youtube/v3/videos?id=2xbVbCoHBgA&part=snippet&key=MY_KEY
500 内部服务器错误 - CurlException
我的描述符如下所示:
"name": "YouTube",
"baseUrl": "https://www.googleapis.com",
"apiVersion": "v3",
"description": "YouTube GData Graph API",
"operations":
"GetVideos":
"httpMethod": "GET",
"uri": "/youtube/v3/videos",
"parameters":
"id":
"type":"string",
"location":"query",
"required": true
,
"part":
"location": "query",
"default": "snippet"
,
"key":
"location": "query",
"default": "MY KEY",
"static": true
,
"maxResults":
"location": "query",
"default": 50
这是在本地 Ubuntu 14.04 开发环境中运行的,其中包含一个非常基本的 LAMP 堆栈。
关于可能导致此问题的任何想法?
【问题讨论】:
对于开发环境,这个答案可能会对您有所帮助 - ***.com/a/32095378/178163 【参考方案1】:$this->client = new Client(
[
'base_uri' => $this->baseUrl,
'verify' => false,
]
);
【讨论】:
【参考方案2】:我也遇到了类似guzzel的问题
GuzzleHttp\Exception\RequestException::wrapException(Object(GuzzleHttp\Psr7\Request), Object(RuntimeException))
/mnt/application/lms-backend/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php:67
2 RuntimeException::("Error creating resource: [message] fopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:1408F10B:SSL routines:ssl3_get_record:wrong version number
[file] /mnt/application/lms-backend/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php
[line] 323
[message] fopen(): Failed to enable crypto
[file] /mnt/application/lms-backend/vendor/guzzlehttp/guzzle/src/Handler/StreamHandler.php
[line] 323
请确保您使用 http 请求 url 或传递 pass 令牌。
【讨论】:
【参考方案3】:如果您使用的是 Facades Http,那么您可以在 withOptions 方法中传递验证 false :
Http::withOptions(['verify' => false,])->withHeaders($headers)->get($endpoint);
【讨论】:
【参考方案4】:Guzzle 6
$response = $client->request('POST', $url, [
'verify' => false,
'body'=>json_encode($postData)
]);
$body = $response->getBody()->getContents();
【讨论】:
在回答一个老问题时,如果您包含一些上下文来解释您的答案如何提供帮助,那么您的答案将对其他 *** 用户更有用,特别是对于已经有一个已接受答案的问题。请参阅:How do I write a good answer。【参考方案5】:你也可以在 guzzle 6+ 中试试这个
$client = new \GuzzleHttp\Client(
array(
'curl' => array( CURLOPT_SSL_VERIFYPEER => false ),
'verify' => false
)
);
【讨论】:
【参考方案6】:最好的选择是
https://github.com/composer/ca-bundle
$client = new \GuzzleHttp\Client([
\GuzzleHttp\RequestOptions::VERIFY => \Composer\CaBundle\CaBundle::getSystemCaRootBundlePath()
]);
【讨论】:
【参考方案7】:我使用 guzzle/guzzle 3.*,这段代码对我有用:
$client = new Client(env('API_HOST'));
$client->setSslVerification(false);
【讨论】:
【参考方案8】:这对我很有帮助
点击此链接:http://curl.haxx.se/ca/cacert.pem复制整个页面并保存为“cacert.pem”
然后在你的 php.ini 文件中插入或编辑
;;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
curl.cainfo = "[pathtothisfile]\cacert.pem"
问题已解决(不建议在生产环境中使用)
【讨论】:
如果您使用自签名 ssl,这可能是您的选择。禁用 ssl 验证不是一个好主意,设置默认选项在生产环境中毫无用处。因此,当在开发环境中自签名 ssl 时,这是一个非常好的方法。您应该知道,您需要同时设置 php-fpm 和 php-cli 的 php.ini 才能使 web 和命令行正常工作。 我只在开发中使用这个【参考方案9】:1) 将this ca bundle file 的内容保存到您的系统,例如:C:/ca-bundle.crt
2) 像这样更新php.ini 属性openssl.cafile:openssl.cafile="C:/ca-bundle.crt"
3) 重启服务器/完成/现在应该可以工作了
更多信息在这里:http://guzzle.readthedocs.io/en/stable/request-options.html#verify
【讨论】:
【参考方案10】:可以通过提供适当的 CA 捆绑文件来解决此问题,而不是完全禁用验证。请参阅 Guzzle 文档中的 verify。
在我的系统中,我能够重用与 Git 捆绑的一个:
$client = new \GuzzleHttp\Client();
$client->setDefaultOption('verify', 'C:\Program Files (x86)\Git\bin\curl-ca-bundle.crt');
【讨论】:
对当前的 Guzzle 版本无效。【参考方案11】:使用 Guzzle 6+,您必须在客户端请求选项数组中设置它。
$response = $client->request('GET', 'https://example.com/v1/WebHooks',
['verify' => false,
'headers' => ['Authorization' => "ApiKey $apiKey"]
]);
【讨论】:
如果忽略请求验证,那么 SSL 证书的目的是什么?【参考方案12】:可能是它正在寻找您网站的 SSL 证书。
如果是这种情况,请尝试禁用 SSL 认证:
$client->setDefaultOption('verify', false);
【讨论】:
当然,让我们忽略 SSL 证书存在的全部原因,盲目相信服务器告诉我们它的名称。会出什么问题? @cHao 虽然你在技术上是正确的,但你也错了,我不明白为什么人们会拒绝投票。是的,盲目相信是错误的,但有时您只需要测试一下,或者尝试一些新的东西。 @tftd:人们之所以投反对票,是因为禁用证书检查实际上是一件很烦人的事情。但它破坏了证书的意义,并使您容易受到 MITM 攻击,所以如果没有某种大的大胆警告,就不应该建议这样做。否则,一些可怜的蠢货最终会在遇到诸如 authorize.net 之类的问题时这样做。 我同意这可能是鲁莽的,但如果你正在本地开发使用 Guzzle 的东西(即构建一个 REST 客户端与本地应用程序对话),这是一个非常方便的技巧。但是对于爱神,人们不要在生产中这样做! 不是解决方案,而是降低安全标准的解决方法。不推荐。【参考方案13】:
[curl] 60: SSL certificate problem: unable to get local issuer certificate
嗯,从外面看,服务器证书好像坏了。它不包括名称“googleapis.com”。
首先,使用openssl s_client获取证书:
openssl s_client -connect googleapis.com:443
然后将证书保存到文件中。证书以-----BEGIN CERTIFICATE----- 开头,以-----END CERTIFICATE----- 结尾。
接下来,打印带有openssl x509 的证书(如下所示)。它缺少googleapis.com。
您可能需要接受名称不匹配,并固定服务器的公钥。谷歌每 30 天左右轮换一次他们的证书,以使 CRL 对移动客户端来说很小。这意味着您无法固定证书。但是,Google 会重新认证相同的公钥,因此公钥固定等密钥连续性方案可以正常工作。
使用openssl s_client 时还有一个较小的第二个问题。 s_client 需要使用 Google Internet Authority G2 的选项 CAfile。缺少的 CA 导致下面的错误 unable to get local issuer certificate。您可以在pki.google.com 下载 Google 的 CA 文件。
$ openssl s_client -connect googleapis.com:443
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
您也可以使用 Equifax Secure Certificate Authority 作为信任根,因为它显示为 Equifax 交叉认证的 Google 的 CA。
但是名称不匹配会破坏交易。这是 X509 证书应该做的一件事:通过受信任的机构将实体(如服务器名称或用户)绑定到公钥。谁签署了损坏的证书并不重要(我可以签署它)。
$ openssl x509 -in googleapis-com.txt -inform PEM -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9106978240760957072 (0x7e627c7589c4c890)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Jul 2 13:04:27 2014 GMT
Not After : Sep 30 00:00:00 2014 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ab:02:29:67:f1:08:cc:f0:5c:63:ff:75:b3:bd:
41:62:c6:83:0c:3b:e6:1b:9a:41:0d:dc:5a:b3:34:
db:a3:37:6f:4f:bf:f5:8a:01:39:6a:91:b7:d1:a6:
83:6d:c6:28:60:79:c9:07:f2:ad:23:00:f2:31:74:
b0:a3:d0:d6:ac:5a:f4:31:c8:98:9c:49:c6:20:0b:
ce:81:2b:51:b6:54:0f:65:54:f2:b3:08:c9:c0:c8:
ca:a6:ec:bb:fc:8e:a5:64:70:6b:dc:08:45:9c:14:
cd:cd:aa:49:fd:e9:a5:f1:7d:c6:f8:5d:52:e8:d8:
3d:21:81:46:49:ba:f7:bd:7d:07:42:31:cf:79:61:
b1:47:2c:ba:ce:5a:cd:52:4a:5f:d2:b6:88:d0:a2:
94:53:e2:65:d6:66:80:43:17:e1:2e:43:ab:ca:2f:
79:e6:11:8b:4a:35:fa:e1:43:e3:49:66:5a:1f:e0:
a3:1c:5e:1c:6e:aa:de:0d:ba:cb:20:e3:3d:9e:66:
47:32:25:3c:01:22:b3:69:a6:96:0e:2e:13:c7:fd:
70:c6:61:7e:a9:f0:ad:a4:a6:41:13:36:8c:46:74:
c8:a5:ac:b0:b5:17:00:b8:0e:62:79:1a:fc:7e:7c:
2b:f7:2e:c0:ab:07:fc:8e:46:3c:8f:f2:e5:6e:8f:
83:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:google.com, DNS:*.2mdn.net, DNS:*.android.com, DNS:*.appengine.google.com,
DNS:*.au.doubleclick.net, DNS:*.cc-dt.com, DNS:*.cloud.google.com, DNS:*.de.doubleclick.net,
DNS:*.doubleclick.com, DNS:*.doubleclick.net, DNS:*.fls.doubleclick.net, DNS:*.fr.doubleclick.net,
DNS:*.google-analytics.com, DNS:*.google.ac, DNS:*.google.ad, DNS:*.google.ae, DNS:*.google.af,
DNS:*.google.ag, DNS:*.google.al, DNS:*.google.am, DNS:*.google.as, DNS:*.google.at,
DNS:*.google.az, DNS:*.google.ba, DNS:*.google.be, DNS:*.google.bf, DNS:*.google.bg,
DNS:*.google.bi, DNS:*.google.bj, DNS:*.google.bs, DNS:*.google.bt, DNS:*.google.by,
DNS:*.google.ca, DNS:*.google.cat, DNS:*.google.cc, DNS:*.google.cd, DNS:*.google.cf,
DNS:*.google.cg, DNS:*.google.ch, DNS:*.google.ci, DNS:*.google.cl, DNS:*.google.cm,
DNS:*.google.cn, DNS:*.google.co.ao, DNS:*.google.co.bw, DNS:*.google.co.ck, DNS:*.google.co.cr,
DNS:*.google.co.hu, DNS:*.google.co.id, DNS:*.google.co.il, DNS:*.google.co.im, DNS:*.google.co.in,
DNS:*.google.co.je, DNS:*.google.co.jp, DNS:*.google.co.ke, DNS:*.google.co.kr, DNS:*.google.co.ls,
DNS:*.google.co.ma, DNS:*.google.co.mz, DNS:*.google.co.nz, DNS:*.google.co.th, DNS:*.google.co.tz,
DNS:*.google.co.ug, DNS:*.google.co.uk, DNS:*.google.co.uz, DNS:*.google.co.ve, DNS:*.google.co.vi,
DNS:*.google.co.za, DNS:*.google.co.zm, DNS:*.google.co.zw, DNS:*.google.com, DNS:*.google.com.af,
DNS:*.google.com.ag, DNS:*.google.com.ai, DNS:*.google.com.ar, DNS:*.google.com.au,
DNS:*.google.com.bd, DNS:*.google.com.bh, DNS:*.google.com.bn, DNS:*.google.com.bo,
DNS:*.google.com.br, DNS:*.google.com.by, DNS:*.google.com.bz, DNS:*.google.com.cn,
DNS:*.google.com.co, DNS:*.google.com.cu, DNS:*.google.com.cy, DNS:*.google.com.do,
DNS:*.google.com.ec, DNS:*.google.com.eg, DNS:*.google.com.et, DNS:*.google.com.fj,
DNS:*.google.com.ge, DNS:*.google.com.gh, DNS:*.google.com.gi, DNS:*.google.com.gr,
DNS:*.google.com.gt, DNS:*.google.com.hk, DNS:*.google.com.iq, DNS:*.google.com.jm,
DNS:*.google.com.jo, DNS:*.google.com.kh, DNS:*.google.com.kw, DNS:*.google.com.lb,
DNS:*.google.com.ly, DNS:*.google.com.mm, DNS:*.google.com.mt, DNS:*.google.com.mx,
DNS:*.google.com.my, DNS:*.google.com.na, DNS:*.google.com.nf, DNS:*.google.com.ng,
DNS:*.google.com.ni, DNS:*.google.com.np, DNS:*.google.com.nr, DNS:*.google.com.om,
DNS:*.google.com.pa, DNS:*.google.com.pe, DNS:*.google.com.pg, DNS:*.google.com.ph,
DNS:*.google.com.pk, DNS:*.google.com.pl, DNS:*.google.com.pr, DNS:*.google.com.py,
DNS:*.google.com.qa, DNS:*.google.com.ru, DNS:*.google.com.sa, DNS:*.google.com.sb,
DNS:*.google.com.sg, DNS:*.google.com.sl, DNS:*.google.com.sv, DNS:*.google.com.tj,
DNS:*.google.com.tn, DNS:*.google.com.tr, DNS:*.google.com.tw, DNS:*.google.com.ua,
DNS:*.google.com.uy, DNS:*.google.com.vc, DNS:*.google.com.ve, DNS:*.google.com.vn, DNS:*.google.cv,
DNS:*.google.cz, DNS:*.google.de, DNS:*.google.dj, DNS:*.google.dk, DNS:*.google.dm,
DNS:*.google.dz, DNS:*.google.ee, DNS:*.google.es, DNS:*.google.fi, DNS:*.google.fm,
DNS:*.google.fr, DNS:*.google.ga, DNS:*.google.ge, DNS:*.google.gg, DNS:*.google.gl,
DNS:*.google.gm, DNS:*.google.gp, DNS:*.google.gr, DNS:*.google.gy, DNS:*.google.hk,
DNS:*.google.hn, DNS:*.google.hr, DNS:*.google.ht, DNS:*.google.hu, DNS:*.google.ie,
DNS:*.google.im, DNS:*.google.info, DNS:*.google.iq, DNS:*.google.ir, DNS:*.google.is,
DNS:*.google.it, DNS:*.google.it.ao, DNS:*.google.je, DNS:*.google.jo, DNS:*.google.jobs,
DNS:*.google.jp, DNS:*.google.kg, DNS:*.google.ki, DNS:*.google.kz, DNS:*.google.la,
DNS:*.google.li, DNS:*.google.lk, DNS:*.google.lt, DNS:*.google.lu, DNS:*.google.lv,
DNS:*.google.md, DNS:*.google.me, DNS:*.google.mg, DNS:*.google.mk, DNS:*.google.ml,
DNS:*.google.mn, DNS:*.google.ms, DNS:*.google.mu, DNS:*.google.mv, DNS:*.google.mw,
DNS:*.google.ne, DNS:*.google.ne.jp, DNS:*.google.net, DNS:*.google.ng, DNS:*.google.nl,
DNS:*.google.no, DNS:*.google.nr, DNS:*.google.nu, DNS:*.google.off.ai, DNS:*.google.pk,
DNS:*.google.pl, DNS:*.google.pn, DNS:*.google.ps, DNS:*.google.pt, DNS:*.google.ro,
DNS:*.google.rs, DNS:*.google.ru, DNS:*.google.rw, DNS:*.google.sc, DNS:*.google.se,
DNS:*.google.sh, DNS:*.google.si, DNS:*.google.sk, DNS:*.google.sm, DNS:*.google.sn,
DNS:*.google.so, DNS:*.google.sr, DNS:*.google.st, DNS:*.google.td, DNS:*.google.tg,
DNS:*.google.tk, DNS:*.google.tl, DNS:*.google.tm, DNS:*.google.tn, DNS:*.google.to,
DNS:*.google.tt, DNS:*.google.us, DNS:*.google.uz, DNS:*.google.vg, DNS:*.google.vu,
DNS:*.google.ws, DNS:*.googleapis.cn, DNS:*.googlecommerce.com, DNS:*.googlevideo.com,
DNS:*.gstatic.com, DNS:*.gvt1.com, DNS:*.jp.doubleclick.net, DNS:*.metric.gstatic.com,
DNS:*.uk.doubleclick.net, DNS:*.urchin.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com,
DNS:*.youtube.com, DNS:*.youtubeeducation.com, DNS:*.ytimg.com, DNS:ad.mo.doubleclick.net,
DNS:android.com, DNS:doubleclick.net, DNS:g.co, DNS:goo.gl, DNS:google-analytics.com, DNS:google.ac,
DNS:google.ad, DNS:google.ae, DNS:google.af, DNS:google.ag, DNS:google.al, DNS:google.am,
DNS:google.as, DNS:google.at, DNS:google.az, DNS:google.ba, DNS:google.be, DNS:google.bf,
DNS:google.bg, DNS:google.bi, DNS:google.bj, DNS:google.bs, DNS:google.bt, DNS:google.by,
DNS:google.ca, DNS:google.cat, DNS:google.cc, DNS:google.cd, DNS:google.cf, DNS:google.cg,
DNS:google.ch, DNS:google.ci, DNS:google.cl, DNS:google.cm, DNS:google.cn, DNS:google.co.ao,
DNS:google.co.bw, DNS:google.co.ck, DNS:google.co.cr, DNS:google.co.hu, DNS:google.co.id,
DNS:google.co.il, DNS:google.co.im, DNS:google.co.in, DNS:google.co.je, DNS:google.co.jp,
DNS:google.co.ke, DNS:google.co.kr, DNS:google.co.ls, DNS:google.co.ma, DNS:google.co.mz,
DNS:google.co.nz, DNS:google.co.th, DNS:google.co.tz, DNS:google.co.ug, DNS:google.co.uk,
DNS:google.co.uz, DNS:google.co.ve, DNS:google.co.vi, DNS:google.co.za, DNS:google.co.zm,
DNS:google.co.zw, DNS:google.com.af, DNS:google.com.ag, DNS:google.com.ai, DNS:google.com.ar,
DNS:google.com.au, DNS:google.com.bd, DNS:google.com.bh, DNS:google.com.bn, DNS:google.com.bo,
DNS:google.com.br, DNS:google.com.by, DNS:google.com.bz, DNS:google.com.cn, DNS:google.com.co,
DNS:google.com.cu, DNS:google.com.cy, DNS:google.com.do, DNS:google.com.ec, DNS:google.com.eg,
DNS:google.com.et, DNS:google.com.fj, DNS:google.com.ge, DNS:google.com.gh, DNS:google.com.gi,
DNS:google.com.gr, DNS:google.com.gt, DNS:google.com.hk, DNS:google.com.iq, DNS:google.com.jm,
DNS:google.com.jo, DNS:google.com.kh, DNS:google.com.kw, DNS:google.com.lb, DNS:google.com.ly,
DNS:google.com.mm, DNS:google.com.mt, DNS:google.com.mx, DNS:google.com.my, DNS:google.com.na,
DNS:google.com.nf, DNS:google.com.ng, DNS:google.com.ni, DNS:google.com.np, DNS:google.com.nr,
DNS:google.com.om, DNS:google.com.pa, DNS:google.com.pe, DNS:google.com.pg, DNS:google.com.ph,
DNS:google.com.pk, DNS:google.com.pl, DNS:google.com.pr, DNS:google.com.py, DNS:google.com.qa,
DNS:google.com.ru, DNS:google.com.sa, DNS:google.com.sb, DNS:google.com.sg, DNS:google.com.sl,
DNS:google.com.sv, DNS:google.com.tj, DNS:google.com.tn, DNS:google.com.tr, DNS:google.com.tw,
DNS:google.com.ua, DNS:google.com.uy, DNS:google.com.vc, DNS:google.com.ve, DNS:google.com.vn,
DNS:google.cv, DNS:google.cz, DNS:google.de, DNS:google.dj, DNS:google.dk, DNS:google.dm,
DNS:google.dz, DNS:google.ee, DNS:google.es, DNS:google.fi, DNS:google.fm, DNS:google.fr,
DNS:google.ga, DNS:google.ge, DNS:google.gg, DNS:google.gl, DNS:google.gm, DNS:google.gp,
DNS:google.gr, DNS:google.gy, DNS:google.hk, DNS:google.hn, DNS:google.hr, DNS:google.ht,
DNS:google.hu, DNS:google.ie, DNS:google.im, DNS:google.info, DNS:google.iq, DNS:google.ir,
DNS:google.is, DNS:google.it, DNS:google.it.ao, DNS:google.je, DNS:google.jo, DNS:google.jobs,
DNS:google.jp, DNS:google.kg, DNS:google.ki, DNS:google.kz, DNS:google.la, DNS:google.li,
DNS:google.lk, DNS:google.lt, DNS:google.lu, DNS:google.lv, DNS:google.md, DNS:google.me,
DNS:google.mg, DNS:google.mk, DNS:google.ml, DNS:google.mn, DNS:google.ms, DNS:google.mu,
DNS:google.mv, DNS:google.mw, DNS:google.ne, DNS:google.ne.jp, DNS:google.net, DNS:google.ng,
DNS:google.nl, DNS:google.no, DNS:google.nr, DNS:google.nu, DNS:google.off.ai, DNS:google.pk,
DNS:google.pl, DNS:google.pn, DNS:google.ps, DNS:google.pt, DNS:google.ro, DNS:google.rs,
DNS:google.ru, DNS:google.rw, DNS:google.sc, DNS:google.se, DNS:google.sh, DNS:google.si,
DNS:google.sk, DNS:google.sm, DNS:google.sn, DNS:google.so, DNS:google.sr, DNS:google.st,
DNS:google.td, DNS:google.tg, DNS:google.tk, DNS:google.tl, DNS:google.tm, DNS:google.tn,
DNS:google.to, DNS:google.tt, DNS:google.us, DNS:google.uz, DNS:google.vg, DNS:google.vu,
DNS:google.ws, DNS:googlecommerce.com, DNS:gstatic.com, DNS:urchin.com, DNS:youtu.be,
DNS:youtube.com, DNS:youtubeeducation.com
Authority Information Access:
CA Issuers - URI:http://pki.google.com/GIAG2.crt
OCSP - URI:http://clients1.google.com/ocsp
X509v3 Subject Key Identifier:
71:D7:BB:09:DE:42:EB:E5:E0:75:3D:49:64:97:E5:9A:8D:6E:C3:8E
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.11129.2.5.1
X509v3 CRL Distribution Points:
Full Name:
URI:http://pki.google.com/GIAG2.crl
Signature Algorithm: sha1WithRSAEncryption
8f:f3:ec:dd:ca:45:d2:20:12:40:cd:ce:72:10:42:b5:ac:4b:
8c:45:15:15:d7:9f:fb:01:e7:84:63:c6:41:b4:93:8b:79:ab:
51:56:b9:3f:07:74:5b:c7:38:ad:f0:ee:97:53:3b:f8:2d:bc:
94:23:ca:2e:1f:0c:5b:21:82:ae:b8:0f:55:43:1a:58:8f:4d:
25:0a:80:32:a6:c9:ff:3f:43:f5:1f:39:63:9f:a6:82:20:b4:
74:d4:e1:ef:e0:f9:92:c5:63:b6:e2:61:e4:e7:4e:c7:a3:dd:
44:1b:32:e0:06:7f:84:b6:45:20:57:6a:71:07:c2:54:b0:69:
9c:a2:f6:3f:5f:52:ca:9e:ba:77:b3:0b:4f:2a:b7:14:ca:c9:
7a:6c:f3:ce:2b:aa:c1:0d:ea:33:8f:e6:39:24:83:84:dc:3c:
ac:f0:83:2e:98:9f:2f:54:de:c4:c5:b0:05:a3:e3:ca:a5:13:
9c:28:ba:6b:e9:ee:e0:10:41:4a:d7:78:cd:60:0f:79:0f:0a:
e3:76:46:ce:7a:b4:84:1b:07:91:21:83:23:17:7a:77:e8:32:
3b:14:7c:3a:a8:fb:d6:c2:bf:18:4a:ad:d7:c1:d6:30:cd:67:
b4:8f:7d:27:43:97:b8:12:9d:0b:7e:ae:de:27:83:fa:89:29:
d9:be:e4:43
【讨论】:
如何使用 openssl x509 打印证书? 如果您将“www”添加到 URL,那么它的 CN 正确:openssl s_client -connect www.googleapis.com:443 我按照您的步骤操作,但对我来说还不行。我正在使用 trello api。知道我还能尝试什么吗? 这回答了导致问题的原因,但没有清楚地说明如何解决。以上是关于Guzzle Curl 错误 60 SSL 无法获取本地发行者的主要内容,如果未能解决你的问题,请参考以下文章
cURL 错误 60 - SSL 证书问题 - 无法获取本地颁发者
facebook auth cURL 错误 60:SSL 证书
...cURL error 60: SSL certificate problem: unable to get local issuer certificate...