厌伴老儒烹瓠叶,强随举子踏槐花。这篇文章主要讲述#yyds干货盘点#wget/curl等ca证书失效问题解决办法相关的知识,希望能为你提供帮助。
1.问题现象wget https://download.ceph.com/rpm-mimic/el7/noarch/ceph-release-1-0.el7.noarch.rpm
错误日志如下:
Resolving download.ceph.com (download.ceph.com)... 158.69.68.124, 2607:5300:201:2000::3:58a1
Connecting to download.ceph.com (download.ceph.com)|158.69.68.124|:443... connected.
ERROR: cannot verify download.ceph.coms certificate, issued by 鈥?C=US/O=Lets Encrypt/CN=R3鈥?
Issued certificate has expired.
To connect to download.ceph.com insecurely, use `--no-check-certificate.
2.原因分析证书失效导致资源下载失败
/etc/profile 添加环境变量
export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
source /etc/profile
去其他的机器拷贝ca-certificates.crt文件
scp root@192.168.103.48:/etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
3.解决办法首先去其他环境拷贝证书ca-certificates.crt
拷贝以后发现不能用
查看wget版本是否一致
[root@ceph03 ~]# wget -V
GNU Wget 1.14 built on linux-gnu.
+digest +https +ipv6 +iri +large-file +nls +ntlm +opie +ssl/openssl
Wgetrc:
/etc/wgetrc (system)
Locale: /usr/share/locale
Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc"
-DLOCALEDIR="/usr/share/locale" -I. -I../lib -I../lib -O2 -g -pipe
-Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
Link: gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -lssl -lcrypto
/usr/lib64/libssl.so /usr/lib64/libcrypto.so /usr/lib64/libz.so
-ldl -lz -lz -lidn -luuid -lpcre ftp-opie.o openssl.o http-ntlm.o
../lib/libgnu.a
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<
http://www.gnu.org/licenses/gpl.html>
.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Originally written by Hrvoje Niksic <
hniksic@xemacs.org>
.
Please send bug reports and questions to <
bug-wget@gnu.org>
.
3.1绕过证书
加参数
--no-check-certificate (绕过证书)
--ca-certificate=FILE (指定证书位置)
默认证书位置/etc/pki/tls/cert.pem
3.2证书无法绕过,更新证书
yum install -y ca-certificates //安装证书
【#yyds干货盘点#wget/curl等ca证书失效问题解决办法】发现这样几个文件都发生改变,证书不是由一个文件控制的,而是多个文件
推荐阅读
- 搭建和学习k8s容器平台
- 数据结构第五站(树和二叉树)
- Flutter 专题68 图解基本约束 Box#yyds干货盘点#
- k8s-day2-名词解释(master)
- #yyds干货盘点# 通过淘宝数据学习爬虫,python scrapy requests与response对象
- 阿里云基本概念与基础架构 #yyds干货盘点#
- #yyds干货盘点# CoCon: A Self-Supervised Approach for Controlled Text Generation | ICLR 2021 论文
- 来自面试官一面MySQL索引的连续灵魂拷问
- #私藏项目实操分享#如何利用 onlyoffice 实现文档格式转换