ssl 证书错误:无法获取本地颁发者证书
该网站 https://dcs1.noaa.gov 最近更新了他们的 SSL 认证。由于该更改,我无法从那里获取我需要的文件。我收到以下错误:
--08:37:12-- https://dcs1.noaa.gov/pdts_compressed.txt
=> `pdts_compressed.txt'
Resolving dcs1.noaa.gov... 205.156.2.181
Connecting to dcs1.noaa.gov|205.156.2.181|:443... connected.
ERROR: Certificate verification error for dcs1.noaa.gov: unable to get local issuer certificate
To connect to dcs1.noaa.gov insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
我正在运行 Red Hat Linux 4.x 并更新了所有 openssl 软件包。我用来访问该文件的常用进程在 Java 中运行,并使用 URL.openStream() 来读取该文件。命令 wget 也不起作用,所以我假设这是一个 SSL 问题而不是 java 问题。
This website, https://dcs1.noaa.gov, recently updated their SSL certification. Since that change I cannot grab a file from there that I need. I get the following error:
--08:37:12-- https://dcs1.noaa.gov/pdts_compressed.txt
=> `pdts_compressed.txt'
Resolving dcs1.noaa.gov... 205.156.2.181
Connecting to dcs1.noaa.gov|205.156.2.181|:443... connected.
ERROR: Certificate verification error for dcs1.noaa.gov: unable to get local issuer certificate
To connect to dcs1.noaa.gov insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.
I am running Red Hat Linux 4.x and updated all the openssl packages. The usual process I use to access this file is running in Java and uses URL.openStream() to read the file. The command wget also does not work so I am assuming that it is an SSL problem and not a java problem.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
新的服务器证书可能是由您不信任的颁发机构颁发的。您需要将颁发机构的证书导入您的信任库中。
Probably, the new server certificate is issued by an issuing authority that is not trusted by you. You need to import the issuing authority's certificate in your truststore.
该证书由 Verisign 颁发,可能他们的根证书位于您的服务器根证书存储中。从浏览器打开您计算机上的网页,您将看到证书有效。你也可以尝试从另一台机器上 wget ,它也会起作用。
the cert is issued by Verisign, probably their root cert is in your servers root cert store. Open the webpage from your machine from a browser and you will see the cert is valid. You can also try to wget from another machine and it will work too.
您可以尝试使用 openssl 的 s_client 测试 SSL 连接。我最近遇到了类似的问题并已解决。这是该解决方案的链接。它还包括有关如何使用 s_client 测试 SSL 连接的信息。
SSL 错误:无法获取本地颁发者证书
You could try testing the SSL connection with openssl's s_client. I recently had a similar problem and had it resolved. Here's a link to that solution. It also includes information on how to use the s_client to test an SSL connection.
SSL Error: unable to get local issuer certificate