curl: SSL certificate issue: self signed certificate

2018-06-10 14:44:51

I am trying to use "curl" command in ubuntu machine to connect to https request. The https request API has been configure using tomcat server in ubuntu machine. On running the below command, I receive this error: SSL: certificate subject name does not match target host name. As I am having the naive knowledge about linux system, looking for ways to resolve this certificate issue.

Also, please note SSL enabled tomcat server has 3 certs at path : /usr/local/apache-tomcat-7.0.79/conf/chain.pem, /usr/local/apache-tomcat-7.0.79/conf/rootCA.pem, /usr/local/apache-tomcat-7.0.79/conf/cacerts

Also, I can't use curl -k as I need SSL enabled for my application.

System Information: Linux host 3.13.0-126-generic #175-Ubuntu SMP Thu Jul 20 17:33:56 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

curl -v "https://username:password@by-host:8080/project_name/rest/entity/path"

Output

curl: /usr/local/lib/libcurl.so.4: no version information available (required by curl) * Trying 127.0.0.1... * Connected to by-dfirods0 (127.0.0.1) port 8080 (#0) * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, Server hello (2): * SSL certificate problem: self signed certificate * Closing connection 0 curl: (60) SSL certificate problem: self signed certificate More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.

链接地址: http://www.djcxy.com/p/31292.html

上一篇: 有角度的HTML绑定

下一篇: curl：SSL证书问题：自签名证书