Rap*_*OLO 9 php docker cacerts
一两天后,我的旧 php 容器 (dockerhub php:5.4-apache) 无法再使用curl。这是在此容器内运行curl 时的日志。
$> docker run --rm -ti php:5.6-apache bash
$> curl -X POST https://xxxxx.com
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
这个相同的调用适用于现代(更新的)操作系统。
Rap*_*OLO 20
原因是操作系统的证书已经过时
要更新它们,您需要执行以下操作
curl -k https://curl.se/ca/cacert.pem > cacert.pem
# works : curl --cacert cacert.pem -X POST https://xxxxx.com
apt-get install ca-certificates
openssl x509 -outform der -in cacert.pem -out cacert.crt
cp cacert.crt /usr/local/share/ca-certificates/
update-ca-certificates
其他选项:
sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
update-ca-certificates
最好的选择(恕我直言):
apt-get update
apt-get upgrade -y
| 归档时间: |
|
| 查看次数: |
7632 次 |
| 最近记录: |