- 1石头剪刀布程序流程图_连“石头剪刀布”,人类也玩不过AI了
- 2Python基于OpenCV的工作疲劳检测系统[源码&UI界面&部署教程]_基于python的毕业设计)基于opencv的疲劳检测系统(django)(源码+说明+演示视频).
- 3Uniapp: 原生Android插件开发调试打包详细历程 --- 不再为付费插件买单(例:安卓原生 TCPSocket 连接通信插件实现)_uniapp tcp通信
- 4还在用按键精灵?快学学高大上的Python吧之二_pyautogui和按键精灵对比
- 5springboot整合vosk实现简单的语音识别功能
- 6基于微信小程序的毕业设计题目(11)php校园食堂餐厅预约订座小程序(含开题报告、任务书、中期报告、答辩PPT、论文模板)_校园订餐开题答辩ppt
- 7go 限流器 rate
- 8uniapp微信小程序progress渐变色_uniapp 进度条渐变
- 9spring el表达式---基础接口及基础语法_spring el 接口参数
- 10三坐标测量机|全自主研发,实现高精度三维尺寸测量
服务器证书验证失败。 CAfile:/etc/ssl/certs/ca-certificates.crt CRLfile:无_cafile: /etc/ssl/certs/ca-certificates.crt crlfile
赞
踩
本文翻译自:server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
I can push by clone project using ssh, but it doesn't work when I clone project with https. 我可以使用ssh推送克隆项目,但是当我使用https克隆项目时,它不起作用。
The error message that shows me is: 显示我的错误消息是:
server certificate verification failed. CAfile: /etc/ssl/certs/cacertificates.crt CRLfile: none
#1楼
参考:https://stackoom.com/question/1qScL/服务器证书验证失败-CAfile-etc-ssl-certs-ca-certificates-crt-CRLfile-无
#2楼
TLDR: TLDR:
- hostname=XXX
- port=443
- trust_cert_file_location=`curl-config --ca`
-
- sudo bash -c "echo -n | openssl s_client -showcerts -connect $hostname:$port \
- 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
- >> $trust_cert_file_location"
Long answer 长答案
The basic reason is that your computer doesn't trust the certificate authority that signed the certificate used on the Gitlab server . 根本原因是您的计算机不信任对Gitlab服务器上使用的证书进行签名的证书颁发机构 。 This doesn't mean the certificate is suspicious, but it could be self-signed or signed by an institution/company that isn't in the list of your OS's list of CAs. 这并不意味着证书可疑,但是它可以是自签名的,也可以由不在您的操作系统的CA列表中的机构/公司签名。 What you have to do to circumvent the problem on your computer is telling it to trust that certificate - if you don't have any reason to be suspicious about it. 要避免计算机上的问题,必须做的就是告诉它信任该证书-如果您没有任何理由对此证书表示怀疑。
You need to check the web certificate used for your gitLab server, and add it to your </git_installation_folder>/bin/curl-ca-bundle.crt . 您需要检查用于gitLab服务器的Web证书,并将其添加到</git_installation_folder>/bin/curl-ca-bundle.crt 。
To check if at least the clone works without checking said certificate, you can set: 要检查至少克隆是否可以正常工作而不检查所述证书,可以设置:
- export GIT_SSL_NO_VERIFY=1
- #or
- git config --global http.sslverify false
But that would be for testing only, as illustrated in " SSL works with browser, wget, and curl, but fails with git ", or in this blog post . 但这仅用于测试,如“ SSL可与浏览器,wget和curl配合使用,但对git失败 ”所示,或在本博客文章中说明 。
Check your GitLab settings, a in issue 4272 . 检查您的GitLab设置( 问题4272) 。
To get that certificate (that you would need to add to your curl-ca-bundle.crt file), type a: 要获取该证书(您需要将其添加到curl-ca-bundle.crt文件中),请键入:
- echo -n | openssl s_client -showcerts -connect yourserver.com:YourHttpGilabPort \
- 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
(with ' yourserver.com ' being your GitLab server name) (以“ yourserver.com ”为您的GitLab服务器名称)
To check the CA (Certificate Authority issuer), type a: 要检查CA(证书颁发机构颁发者),请键入:
- echo -n | openssl s_client -showcerts -connect yourserver.com:YourHttpGilabPort \
- 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
- | openssl x509 -noout -text | grep "CA Issuers" | head -1
Note: Valeriy Katkov suggests in the comments to add -servername option to the openssl command, otherwise the command isn't showed certificate for www.github.com in Valeriy's case. 注意: Valeriy Katkov建议在注释中为-servername命令添加-servername选项,否则在Valeriy的情况下,该命令不会显示www.github.com的证书。
openssl s_client -showcerts -servername www.github.com -connect www.github.com:443
Findekano adds in the comments : Findekano添加了评论 :
to identify the location of
curl-ca-bundle.crt, you could use the command 要确定curl-ca-bundle.crt的位置,可以使用以下命令
curl-config --ca
Also, see my more recent answer " github: server certificate verification failed ": you might have to renistall those certificates: 另外,请参阅我最近的答案“ github:服务器证书验证失败 ”:您可能必须放弃所有这些证书:
- sudo apt-get install --reinstall ca-certificates
- sudo mkdir /usr/local/share/ca-certificates/cacert.org
- sudo wget -P /usr/local/share/ca-certificates/cacert.org http://www.cacert.org/certs/root.crt http://www.cacert.org/certs/class3.crt
- sudo update-ca-certificates
- git config --global http.sslCAinfo /etc/ssl/certs/ca-certificates.crt
#3楼
Note: This has major security implications. 注意:这具有重大的安全隐患。
Open your terminal and run following command: 打开终端并运行以下命令:
export GIT_SSL_NO_VERIFY=1
It works for me and I am using Linux system. 它对我有用,我正在使用Linux系统。
#4楼
Another cause of this problem might be that your clock might be off. 造成此问题的另一个原因可能是您的时钟关闭了。 Certificates are time sensitive. 证书是时间敏感的。
To check the current system time: 要检查当前系统时间:
date -R
You might consider installing NTP to automatically sync the system time with trusted internet timeservers from the global NTP pool . 您可能会考虑安装NTP,以自动将系统时间与全局NTP池中的受信任的Internet时间服务器同步。 For example, to install on Debian/Ubuntu: 例如,要在Debian / Ubuntu上安装:
apt-get install ntp
#5楼
GIT_CURL_VERBOSE=1 git [clone|fetch]…
should tell you where the problem is. 应该告诉您问题出在哪里。 In my case it was due to cURL not supporting PEM certificates when built against NSS, due to that support not being mainline in NSS ( #726116 #804215 #402712 and more ). 在我的情况下,它是由于卷曲时对NSS内置不支持PEM证书,由于NSS的支持不是主线( #726116 #804215 #402712 和 更多 )。
#6楼
Had same problem. 有同样的问题。 Caused by self issued certificate authority. 由自我颁发的证书颁发机构引起。 Solved it by adding .pem file to /usr/local/share/ca-certificates/ and calling 通过将.pem文件添加到/ usr / local / share / ca-certificates /并解决
sudo update-ca-certificates
PS: pem file in folder ./share/ca-certificates MUST have extension .crt PS:文件夹./share/ca-certificates中的pem文件必须具有扩展名.crt
