1. Certificate error when accessing an HTTPS site from Linux
    [[email protected] ~]# curl -v https://mobile.mycard520.com.tw
    * About to connect() to mobile.mycard520.com.tw port 443 (#0)
    *   Trying 220.130.127.122... connected
    * Connected to mobile.mycard520.com.tw (220.130.127.122) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * Certificate is signed by an untrusted issuer: 'CN=TWCA Secure SSL Certification Authority,OU=Secure SSL Sub-CA,O=TAIWAN-CA,C=TW'
    * NSS error -8172
    * Closing connection #0
    * Peer certificate cannot be authenticated with known CA certificates
    curl: (60) Peer certificate cannot be authenticated with known CA certificates
    More details here: http://curl.haxx.se/docs/sslcerts.html

    curl performs SSL certificate verification by default, using a bundle
     of Certificate Authority (CA) public keys (CA certs). If the default
     bundle file isn't adequate, you can specify an alternate file
     using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
     the bundle, the certificate verification probably failed due to a
     problem with the certificate (it might be expired, or the name might
     not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use
     the -k (or --insecure) option.
2. The existing certificate twca.cer needs to be added to the Linux certificate trust list
For related certificate format conversions, see: http://netkiller.github.io/cryptography/openssl/format.html
    # Convert the format: .cer to .pem
    openssl x509 -inform der -in twca.cer -out twca.pem
    # Append to the trust list
    cat twca.pem >> /etc/pki/tls/certs/ca-bundle.crt
3. Access succeeds after adding the certificate
    [[email protected] certs]# curl -v https://mobile.mycard520.com.tw/billing/Receive.aspx
    * About to connect() to mobile.mycard520.com.tw port 443 (#0)
    *   Trying 220.130.127.122... connected
    * Connected to mobile.mycard520.com.tw (220.130.127.122) port 443 (#0)
    * Initializing NSS with certpath: sql:/etc/pki/nssdb
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSL connection using SSL_RSA_WITH_RC4_128_MD5
    * Server certificate:
    *       subject: CN=mobile.mycard520.com.tw,OU=IT,O=Soft-World International Corporation,L=Kaohsiung,ST=Taiwan,C=TW
    *       start date: Apr 29 03:21:58 2015 GMT
    *       expire date: Nov 12 15:59:59 2017 GMT
    *       common name: mobile.mycard520.com.tw
    *       issuer: CN=TWCA Secure SSL Certification Authority,OU=Secure SSL Sub-CA,O=TAIWAN-CA,C=TW
    > GET /billing/Receive.aspx HTTP/1.1
    > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
    > Host: mobile.mycard520.com.tw
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < Cache-Control: private
    < Content-Type: application/json;charset=utf-8
    < Date: Tue, 16 Jun 2015 02:52:04 GMT
    < Content-Length: 18
    < Set-Cookie: NSC_Npcjmf-XfcQ*80=ffffffffaf181f5345525d5f4f58455e445a4a423660;path=/;httponly
    <
    * Connection #0 to host mobile.mycard520.com.tw left intact
    * Closing connection #0
    { "ResultCode": 0
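A more careful version of step 2, as an added example that is not part of the original post: it prints the certificate's SHA-256 fingerprint for comparison with the value the CA publishes, accepts only an unexpired CA certificate, and skips the append when the certificate is already in the bundle. The function name `add_ca_to_bundle` and its optional expected-fingerprint argument are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). add_ca_to_bundle is a
# hypothetical helper name; the bundle path is supplied by the caller.
# Usage: add_ca_to_bundle CERT BUNDLE [EXPECTED_SHA256_FINGERPRINT]
add_ca_to_bundle() {
    local cert="$1" bundle="$2" expected="${3:-}" pem fp body rc=0
    pem="$(mktemp)" || return 1

    # Normalise to PEM: try DER (.cer) first, as in step 2, then PEM.
    if ! openssl x509 -inform der -in "$cert" -out "$pem" 2>/dev/null &&
       ! openssl x509 -inform pem -in "$cert" -out "$pem" 2>/dev/null; then
        echo "not an X.509 certificate: $cert" >&2
        rm -f "$pem"; return 2
    fi

    # Fingerprint to compare with the value the CA publishes out of band.
    fp="$(openssl x509 -in "$pem" -noout -fingerprint -sha256 | cut -d= -f2)"
    echo "SHA-256 fingerprint: $fp"

    if [ -n "$expected" ] && [ "$fp" != "$expected" ]; then
        echo "fingerprint mismatch, not trusting $cert" >&2; rc=3
    elif ! openssl x509 -in "$pem" -noout -text | grep -q 'CA:TRUE'; then
        # Only CA certificates belong in a trust bundle.
        echo "basicConstraints is not CA:TRUE, refusing" >&2; rc=4
    elif ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired, refusing" >&2; rc=5
    else
        # Append only if the same base64 body is not already in the bundle,
        # so rerunning the step does not create duplicate entries.
        body="$(grep -v '^-----' "$pem" | tr -d '\r\n')"
        if [ -f "$bundle" ] && tr -d '\r\n' < "$bundle" | grep -qF -- "$body"; then
            echo "already present in $bundle"
        else
            cp -p "$bundle" "$bundle.bak" 2>/dev/null || true  # backup if it exists
            cat "$pem" >> "$bundle"
        fi
    fi
    rm -f "$pem"
    return "$rc"
}
```

Called as `add_ca_to_bundle twca.cer /etc/pki/tls/certs/ca-bundle.crt`, it performs the same conversion and append as the two commands in step 2.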
Reference: http://segmentfault.com/a/1190000002569859