【原创】巧妙解决WGET/CURL故障——CA证书不可信

Linux操作系统下有三宝：WGET、CURL、Aria2，他们统统都是用来下载文件的神器。可是偏偏有这么一种故障，他让我们如鲠在喉，他就是——ERROR: The certificate of is not trusted

究其原因，还是因为互联网实在太庞大、太冗杂，为了数据的传输安全，我们使用到一个新的技术——超文本传输安全协议。

超文本传输协议HTTPS，是HTTP Over TLS 的一个缩写，HTTPS经由HTTP进行传输通讯，其中利用到了SSL/TLS对数据包加密，以及CA证书技术，保证了数据传输的安全。

但是，偏偏有这么一种情况——服务器运行的是较旧的软件操作系统，无法识读新的CA证书，这时再次执行下载命令的时候，就会出现如下报错：

[root@localhost ~]# wget https://soft.mengclaw.com/TestFile/5MB.Test
--2018-06-01 15:18:59--  https://soft.mengclaw.com/TestFile/5MB.Test
Resolving soft.mengclaw.com... 89.208.252.123
Connecting to soft.mengclaw.com|89.208.252.123|:443... connected.
ERROR: cannot verify soft.mengclaw.com's certificate, issued by `/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3':
  Unable to locally verify the issuer's authority.
ERROR: certificate common name `www.cnfurry.com' doesn't match requested host name `soft.mengclaw.com'.
To connect to soft.mengclaw.com insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.

[root@localhost ~]# wget https://soft.mengclaw.com/TestFile/5MB.Test

--2018-06-01 15:18:59-- https://soft.mengclaw.com/TestFile/5MB.Test

Resolving soft.mengclaw.com... 89.208.252.123

Connecting to soft.mengclaw.com|89.208.252.123|:443... connected.

ERROR: cannot verify soft.mengclaw.com's certificate, issued by `/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3':

Unable to locally verify the issuer's authority.

ERROR: certificate common name `www.cnfurry.com' doesn't match requested host name `soft.mengclaw.com'.

To connect to soft.mengclaw.com insecurely, use `--no-check-certificate'.

Unable to establish SSL connection.

这时我们就要祭出大宝贝（咳咳），我们就要用到一个神秘的软件包：CA-Certificates

前提条件：
操作系统：CentOS6+/Debian7+/Ubuntu12+

1、以root账户登陆，防止系统过于精简，先更新系统软件源：

yum update -y
# CentOS系统 用这个
 
apt-get update -y
# Debian/Ubuntu系统 用这个

yum update -y

# CentOS系统用这个

apt-get update -y

# Debian/Ubuntu系统用这个

2、安装CA-Certificates

yum install -y ca-certificates
# CentOS系统 用这个

apt-get install -y ca-certificates
# Debian/Ubuntu系统 用这个

yum install -y ca-certificates

# CentOS系统用这个

apt-get install -y ca-certificates

# Debian/Ubuntu系统用这个

3、安装结束，再次下载文件测试：

[root@localhost ~]# https://soft.mengclaw.com/TestFile/5MB.Test
-bash: https://soft.mengclaw.com/TestFile/5MB.Test: No such file or directory
[root@CT811 ~]# wget https://soft.mengclaw.com/TestFile/5MB.Test
--2018-06-01 08:46:25--  https://soft.mengclaw.com/TestFile/5MB.Test
Resolving soft.mengclaw.com... 89.208.252.123
Connecting to soft.mengclaw.com|89.208.252.123|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5242880 (5.0M) [application/octet-stream]
Saving to: `5MB.Test'

100%[===================================================================>] 5,242,880    998K/s   in 5.1s    

2018-06-01 08:46:30 (1003 KB/s) - `5MB.Test' saved [5242880/5242880]

[root@localhost ~]# https://soft.mengclaw.com/TestFile/5MB.Test

-bash: https://soft.mengclaw.com/TestFile/5MB.Test: No such file or directory

[root@CT811 ~]# wget https://soft.mengclaw.com/TestFile/5MB.Test

--2018-06-01 08:46:25-- https://soft.mengclaw.com/TestFile/5MB.Test

Resolving soft.mengclaw.com... 89.208.252.123

Connecting to soft.mengclaw.com|89.208.252.123|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 5242880 (5.0M) [application/octet-stream]

Saving to: `5MB.Test'

100%[===================================================================>] 5,242,880 998K/s in 5.1s

2018-06-01 08:46:30 (1003 KB/s) - `5MB.Test' saved [5242880/5242880]

测试通过，问题解决。

发表回复 取消回复

发表回复取消回复