简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
apache - openssl s_client -connect www.verisign.com:443 错误无法获取本地颁发者证书
ringa_lee
ringa_lee 2017-05-16 17:03:54
0
3
3931
雷雷
ringa_lee
ringa_lee

ringa_lee

全部回复(3)
刘奇
刘奇2017-05-16 17:05:54 3 楼

把 Server certificate这一部分拷贝出来,就是

-----BEGIN CERTIFICATE-----
MIIG0jCCBbqgAwIBAgIQRHT74McgkNIJ4CcjNXxCZzANBgkqhkiG9w0BAQUFADCB
vjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNjE4MDYGA1UEAxMv
VmVyaVNpZ24gQ2xhc3MgMyBFeHRlbmRlZCBWYWxpZGF0aW9uIFNTTCBTR0MgQ0Ew
HhcNMTQwMTE2MDAwMDAwWhcNMTYwMTE2MjM1OTU5WjCCASYxEzARBgsrBgEEAYI3
PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUxHTAbBgNVBA8TFFBy
aXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwcyMTU4MTEzMQswCQYDVQQGEwJV
UzEOMAwGA1UEERQFOTQwNDMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcU
DU1vdW50YWluIFZpZXcxGTAXBgNVBAkUEDM1MCBFbGxpcyBTdHJlZXQxHTAbBgNV
BAoUFFN5bWFudGVjIENvcnBvcmF0aW9uMSQwIgYDVQQLFBtJbmZyYXN0cnVjdHVy
ZSBPcGVyYXRpb25zICAxGTAXBgNVBAMUEHd3dy52ZXJpc2lnbi5jb20wggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrG90iUEhTlnwtoAfqXUHUPBQo3JEK
BWEewf8/71RFR0O6J5mxF88ODxs/HRGK1wrd8WClqnhMBsvITNB9m+escDpBWpwG
NZp4TaYW9HxxtZ7heaeJjso8M/k3NHdXuFsuPw5L8xxOv9aI0H87LMmImenLxCRm
pJQNAKe+jfNTqpuK1tUEYdLzR0n4u76ZDcGSYSplbCjLcamLTHAhijQQWiUgWC0f
Unm4z2zyzT4QwzXIfuf7BCSLfCGY3/KuKO4vybtiUg6ALqMW3JjA149r6DHjIkib
wq2wJhFnspm74y0wJq3GE5avUyUrz8XoXexSJPTRuz6jyVayEXeDZvcJAgMBAAGj
ggJfMIICWzCB1QYDVR0RBIHNMIHKghB3d3cudmVyaXNpZ24uY29tggx2ZXJpc2ln
bi5jb22CEHd3dy52ZXJpc2lnbi5uZXSCDHZlcmlzaWduLm5ldIIRd3d3LnZlcmlz
aWduLm1vYmmCDXZlcmlzaWduLm1vYmmCD3d3dy52ZXJpc2lnbi5ldYILdmVyaXNp
Z24uZXWCFWZvcm1zLndzLnN5bWFudGVjLmNvbYINc3NscmV2aWV3LmNvbYIRd3d3
LnNzbHJldmlldy5jb22CD3d3dy5zeW1hdXRoLmNvbTAJBgNVHRMEAjAAMA4GA1Ud
DwEB/wQEAwIFoDAoBgNVHSUEITAfBggrBgEFBQcDAQYIKwYBBQUHAwIGCWCGSAGG
+EIEATBEBgNVHSAEPTA7MDkGC2CGSAGG+EUBBxcGMCowKAYIKwYBBQUHAgEWHGh0
dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9jcHMwHQYDVR0OBBYEFFhbQy8r9duhEyHt
180crp3UFY8gMB8GA1UdIwQYMBaAFE5DyB127zdTek/yWG+U8zji1b3fMD4GA1Ud
HwQ3MDUwM6AxoC+GLWh0dHA6Ly9FVkludGwtY3JsLnZlcmlzaWduLmNvbS9FVklu
dGwyMDA2LmNybDB2BggrBgEFBQcBAQRqMGgwKwYIKwYBBQUHMAGGH2h0dHA6Ly9F
VkludGwtb2NzcC52ZXJpc2lnbi5jb20wOQYIKwYBBQUHMAKGLWh0dHA6Ly9FVklu
dGwtYWlhLnZlcmlzaWduLmNvbS9FVkludGwyMDA2LmNlcjANBgkqhkiG9w0BAQUF
AAOCAQEAPSZt7qa0z7AbV78LQ20T2c587Pb389khyLLyxQSx/nKqtYIs0sH9qvsd
rqEk3ThUYbTfI4Owh0a87uCCpBTPf/1c1581waHoId7VibSq3IwR71RPhSJu9zmL
J/GSjs/NWcVgbpUI7JRQlyqffVmMn3w3La/NZBSXspFSMzmDG0G+hUZJJYPabrfi
nsedFav2e5BihDgGISbMhxeXGuSsQYLbOF8B9JPUwgBnDCO6IgKGeww+Zb3Uh1FB
mCydpZlP4Qn8tkaegGMXtlv4rzdt7wtKpELSbhotQHlWr06hD9XUlh7UOBvShhM7
UDhMFUQ0HjLf/9A11pb71CRaoHfFbQ==
-----END CERTIFICATE-----

存成CA.cert
openssl s_client -CAfile CA.cert -connect www.verisign.com:443

点赞 +0
添加回复
伊谢尔伦
伊谢尔伦2017-05-16 17:05:54 2 楼 
<VirtualHost _default_:443> 
    SSLProxyEngine on 
    SSLEngine on 
    #SSLSessionCacheTimeout  2100 
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP 
    SSLCertificateFile /etc/httpd/common/server.crt 
    SSLCertificateKeyFile /etc/httpd/common/server.key 
    SSLCertificateChainFile /etc/httpd/common/server_intermediate.pem 
    Include conf/conf/xxx.conf 
</VirtualHost>

这是我在apache上面的配置文件, 浏览器已经认可了证书, 但是用openssl验证的时候

CONNECTED(00000003)
depth=0 ....................
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 ........................
verify error:num=27:certificate not trusted
verify return:1
depth=0 ....................
verify error:num=21:unable to verify the first certificate
verify return:1

Verify return code: 21 (unable to verify the first certificate)
点赞 +0
添加回复
漂亮男人
漂亮男人2017-05-16 17:05:54 1 楼 
openssl s_client -connect www.verisign.com:443 -CApath /etc/ca-certificates

先弄明白 SSL/TLS 的具体过程,再看 man s_client

点赞 +0
添加回复
热门专题
更多>
热门文章
热门教程
更多>
相关教程
热门推荐
最新课程
最新下载
更多>
网站特效
网站源码
网站素材
前端模板
关于我们 免责声明 Sitemap
PHP中文网:公益在线PHP培训,帮助PHP学习者快速成长!