#yyds Practical Tips Roundup# Fixing expired CA certificate errors in wget/curl

1. Symptom
wget https://download.ceph.com/rpm-mimic/el7/noarch/ceph-release-1-0.el7.noarch.rpm
The error log is as follows:



--2022-02-17 11:44:48--  https://download.ceph.com/rpm-mimic/el7/noarch/ceph-release-1-0.el7.noarch.rpm
Resolving download.ceph.com (download.ceph.com)... 158.69.68.124, 2607:5300:201:2000::3:58a1
Connecting to download.ceph.com (download.ceph.com)|158.69.68.124|:443... connected.
ERROR: cannot verify download.ceph.com's certificate, issued by ‘/C=US/O=Let's Encrypt/CN=R3’:
  Issued certificate has expired.
To connect to download.ceph.com insecurely, use `--no-check-certificate'.


2. Cause analysis
The download fails because the certificate has expired.
Add an environment variable to /etc/profile:
export CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
source /etc/profile
Copy the ca-certificates.crt file from another machine:
scp root@192.168.103.48:/etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt



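3. Solution
First, copy the certificate file ca-certificates.crt from another environment.
After copying it, it turned out not to work.
Check whether the wget versions match: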
[root@ceph03 ~]# wget -V
GNU Wget 1.14 built on linux-gnu.

+digest +https +ipv6 +iri +large-file +nls +ntlm +opie +ssl/openssl

Wgetrc:
/etc/wgetrc (system)
Locale: /usr/share/locale
Compile: gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/etc/wgetrc"
-DLOCALEDIR="/usr/share/locale" -I. -I../lib -I../lib -O2 -g -pipe
-Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong
--param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic
Link: gcc -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector-strong --param=ssp-buffer-size=4
-grecord-gcc-switches -m64 -mtune=generic -lssl -lcrypto
/usr/lib64/libssl.so /usr/lib64/libcrypto.so /usr/lib64/libz.so
-ldl -lz -lz -lidn -luuid -lpcre ftp-opie.o openssl.o http-ntlm.o
../lib/libgnu.a

Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://www.gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Originally written by Hrvoje Niksic <hniksic@xemacs.org>.
Please send bug reports and questions to <bug-wget@gnu.org>.



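3.1 Bypassing certificate verification
Add one of these options:
--no-check-certificate (skips certificate verification, so the server is no longer authenticated)

--ca-certificate=FILE (specifies the CA certificate file to use)
Default certificate location: /etc/pki/tls/cert.pem
3.2 If the certificate check cannot be bypassed, update the certificates
yum install -y ca-certificates    # install the CA certificates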




It turned out that several files had changed: the certificates are controlled not by a single file but by several.
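To see which bundle files are actually in play and whether any of them holds an expired certificate, the script below (an added example, not from the original post) resolves each candidate path through its symlinks, counts its certificates and lists the expired ones with openssl. The candidate paths are the ones named above; checking SSL_CERT_FILE and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Candidate paths are the ones the
# page names; SSL_CERT_FILE and all function names are this example's assumptions.

# describe_bundle FILE -> "FILE|RESOLVED_PATH|CERT_COUNT" or "FILE|missing|0"
describe_bundle() {
    if [ ! -r "$1" ]; then
        printf '%s|missing|0\n' "$1"
        return 0
    fi
    db_real=$(readlink -f "$1")    # follow symlinks to the file really read
    db_count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$db_real" || true)
    printf '%s|%s|%s\n' "$1" "$db_real" "$db_count"
}

# split_bundle FILE DIR: write each certificate to DIR/N.pem, print the count
split_bundle() {
    awk -v d="$2" '
        /-----BEGIN CERTIFICATE-----/ { if (f) close(f); f = d "/" (++n) ".pem" }
        f { print > f }
        END { print n + 0 }' "$1"
}

# expired_certs FILE: print subject and notAfter of every expired certificate
expired_certs() {
    ec_dir=$(mktemp -d) || return 1
    split_bundle "$1" "$ec_dir" >/dev/null
    for ec_pem in "$ec_dir"/*.pem; do
        [ -e "$ec_pem" ] || continue
        # -checkend 0 exits non-zero when notAfter is already in the past
        openssl x509 -in "$ec_pem" -noout -checkend 0 >/dev/null 2>&1 ||
            openssl x509 -in "$ec_pem" -noout -subject -enddate 2>/dev/null || true
    done
    rm -rf "$ec_dir"
}

# Run with any argument (e.g. "sh ca_audit.sh run") to audit this host.
if [ "$#" -gt 0 ]; then
    for p in "${CURL_CA_BUNDLE:-}" "${SSL_CERT_FILE:-}" \
             /etc/pki/tls/cert.pem /etc/ssl/certs/ca-certificates.crt; do
        [ -n "$p" ] || continue
        describe_bundle "$p"
        if [ -r "$p" ]; then expired_certs "$p"; fi
    done
fi
```

Once a bundle with no expired entries is identified, it can be passed to wget with --ca-certificate=FILE.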
