Linux system add root certificate Linux certificate trust list

Source: Internet
Author: User

1.linux access to HTTPS certificate issues

[[Email protected] ~]# curl -v https://mobile.mycard520.com.tw* about to  connect ()  to mobile.mycard520.com.tw port 443  (#0) *   trying  220.130.127.122... connected* Connected to mobile.mycard520.com.tw  ( 220.130.127.122)  port 443  (#0) * initializing nss with certpath: sql:/ etc/pki/nssdb*   cafile: /etc/pki/tls/certs/ca-bundle.crt  capath: none*  Certificate is signed by an untrusted issuer:  ' Cn=twca secure  SSL CERTIFICATION AUTHORITY,OU=SECURE SSL SUB-CA,O=TAIWAN-CA,C=TW ' * NSS  error -8172* closing connection  #0 * peer certificate cannot be  authenticated with known ca certificatescurl:  ( Peer certificate ) Cannot be authenticated with known ca certificatesmore details here: http://curl.haxx.se/docs/ Sslcerts.htmlcurl performs ssl certificate verification by default, using  a  bundle  of Certificate Authority  (CA)  public keys  (ca  certs).  if the default bundle file isn ' t adequate, you can  Specify an alternate file using the --cacert option. if this https server uses a certificate signed by a ca  represented in the bundle, the certificate verification probably  failed due to a problem with the certificate  (it might be  expired, or the name might not match the domain name  In the url). If you ' d like to Turn off curl ' s verification of the certificate, use the -k  (or --insecure)  option.


2. Existing certificate Twca.cer needs to be added to the Linux certificate trust list

Related certificate conversions See also: http://netkiller.github.io/cryptography/openssl/format.html

#转换格式. cer to. Pemopenssl x509-inform der-in twca.cer-out twca.pem# append to trust list cat Twca.pem >>/etc/pki/tls/certs/ca-b Undle.crt


3. Access succeeded after adding

[[email protected] certs]# curl -v https://mobile.mycard520.com.tw/billing/ Receive.aspx* about to connect ()  to mobile.mycard520.com.tw port 443  ( #0) *   trying 220.130.127.122... connected* connected to  mobile.mycard520.com.tw  (220.130.127.122)  port 443  (#0) * initializing nss  With certpath: sql:/etc/pki/nssdb*   cafile: /etc/pki/tls/certs/ca-bundle.crt   capath: none* ssl connection using ssl_rsa_with_rc4_128_md5* server  certificate:*       subject: cn=mobile.mycard520.com.tw,ou=it,o= soft-world international corporation,l=kaohsiung,st=taiwan,c=tw*        start date: Apr 29 03:21:58 2015 GMT*        expire date: nov 12 15:59:59 2017 gmt*       common name:  Mobile.mycard520.com.tw*       issuer: cn=twca secure ssl  certification authority,ou=secure ssl sub-ca,o=taiwan-ca,c=tw> get /billing/ receive.aspx http/1.1> user-agent: curl/7.19.7  (X86_64-REDHAT-LINUX-GNU)  libcurl/ 7.19.7 nss/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2> host:  mobile.mycard520.com.tw> accept: */*> < http/1.1 200 ok<  Cache-control: private< content-type: application/json;charset=utf-8< date: tue ,  16 jun 2015 02:52:04 gmt< content-length: 18< set-cookie:  NSC_Npcjmf-XfcQ*80=ffffffffaf181f5345525d5f4f58455e445a4a423660;path=/;httponly< *  connection  #0  to host mobile.mycard520.com.tw left intact* closing connection  #0 {  "ResultCode": 0 

Reference: http://segmentfault.com/a/1190000002569859

Linux system add root certificate Linux certificate trust list

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.