{"id":452,"date":"2021-03-04T15:31:01","date_gmt":"2021-03-04T07:31:01","guid":{"rendered":"https:\/\/www.orztip.com\/?p=452"},"modified":"2021-03-06T00:39:58","modified_gmt":"2021-03-05T16:39:58","slug":"centos-6-curl-nss-error-8179-with-digicert-ca","status":"publish","type":"post","link":"https:\/\/www.orztip.com\/?p=452&article_title=centos-6-curl-nss-error-8179-with-digicert-ca","title":{"rendered":"\u5982\u4f55\u89e3\u51b3CentOS 6\u65e0\u6cd5\u8bc6\u522bDigiCert\u6839CA\u8bc1\u4e66\u5bfc\u81f4Curl\u62a5\u201cNSS error -8179\u201d\u3001wget\u65e0\u6cd5\u4e0b\u8f7d\u95ee\u9898\uff1f"},"content":{"rendered":"\n<p><strong>\u95ee\u9898\uff1a<\/strong><\/p>\n\n\n\n<p>CentOS 6\u8bbf\u95ee\u90e8\u5206HTTPS\u7f51\u7ad9\u65f6\uff0cCurl\u62a5\u201cNSS error -8179\u201d\u3001wget\u65e0\u6cd5\u4e0b\u8f7d\u3002\u4f8b\u5b50\u5982\u4e0b\uff1a<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@test1 src]# wget https:\/\/www.php.net\/distributions\/php-8.0.2.tar.gz\n--2021-02-25 00:01:40--  https:\/\/www.php.net\/distributions\/php-8.0.2.tar.gz\nResolving www.php.net... 185.85.0.29\nConnecting to www.php.net|185.85.0.29|:443... connected.\nERROR: cannot verify www.php.net's certificate, issued by `\/C=US\/O=DigiCert Inc\/OU=www.digicert.com\/CN=Thawte TLS RSA CA G1':\n  Unable to locally verify the issuer's authority.\nTo connect to www.php.net insecurely, use `--no-check-certificate'.\n\n\n\n&#91;root@test1 src]# curl -v https:\/\/www.php.net\n* About to connect() to www.php.net port 443 (#0)\n*   Trying 185.85.0.29... connected\n* Connected to www.php.net (185.85.0.29) port 443 (#0)\n* Initializing NSS with certpath: sql:\/etc\/pki\/nssdb\n*   CAfile: \/etc\/pki\/tls\/certs\/ca-bundle.crt\n  CApath: none\n* Peer's certificate issuer is not recognized: 'CN=Thawte TLS RSA CA G1,OU=www.digicert.com,O=DigiCert Inc,C=US'\n* NSS error -8179\n* Closing connection #0\n* Peer certificate cannot be authenticated with known CA certificates\ncurl: (60) Peer certificate cannot be authenticated with known CA certificates\nMore details here: http:\/\/curl.haxx.se\/docs\/sslcerts.html\n\ncurl performs SSL certificate verification by default, using a \"bundle\"\n of Certificate Authority (CA) public keys (CA certs). If the default\n bundle file isn't adequate, you can specify an alternate file\n using the --cacert option.\nIf this HTTPS server uses a certificate signed by a CA represented in\n the bundle, the certificate verification probably failed due to a\n problem with the certificate (it might be expired, or the name might\n not match the domain name in the URL).\nIf you'd like to turn off curl's verification of the certificate, use\n the -k (or --insecure) option.<\/code><\/pre>\n\n\n\n<p><strong>\u539f\u56e0\uff1a<\/strong><\/p>\n\n\n\n<p>CentOS 6\u5185\u6ca1\u6709\u6700\u65b0\u7684DigiCert\u6839CA\u8bc1\u4e66\uff0c\u5bfc\u81f4\u8bbf\u95ee\u90e8\u5206HTTPS\u7f51\u7ad9\u51fa\u9519\u3002<\/p>\n\n\n\n<p><strong>\u89e3\u51b3\u65b9\u6cd5\uff1a<\/strong><\/p>\n\n\n\n<p>\uff081\uff09\u4eceDigiCert\u7f51\u7ad9\u4e0b\u8f7d\u5176\u6839CA\u8bc1\u4e66\u3002<\/p>\n\n\n\n<p>\u5730\u5740\uff1a<a href=\"https:\/\/www.digicert.com\/kb\/digicert-root-certificates.htm\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.digicert.com\/kb\/digicert-root-certificates.htm<\/a><\/p>\n\n\n\n<p>\u622a\u81f32020-03-04\uff0c\u9700\u4e0b\u8f7d\u7684\u6839CA\u8bc1\u4e66\u5217\u8868\u6709\uff1a<\/p>\n\n\n\n<p><em>\uff08A\uff09Baltimore CyberTrust Root<br>Valid until: 12\/May\/2025<br>Serial #: 02:00:00:B9<br>SHA1 Fingerprint: D4:DE:20:D0:5E:66:FC:53:FE:1A:50:88:2C:78:DB:28:52:CA:E4:74<br>SHA256 Fingerprint: 16:AF:57:A9:F6:76:B0:AB:12:60:95:AA:5E:BA:DE:F2:2A:B3:11:19:D6:44:AC:95:CD:4B:93:DB:F3:F2:6A:EB<\/em><\/p>\n\n\n\n<p><em>\uff08B\uff09DigiCert Global Root CA<br>Valid until: 10\/Nov\/2031<br>Serial #: 08:3B:E0:56:90:42:46:B1:A1:75:6A:C9:59:91:C7:4A<br>SHA1 Fingerprint: A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36<br>SHA256 Fingerprint: 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61<\/em><\/p>\n\n\n\n<p><em>\uff08C\uff09DigiCert Global Root G2<br>Valid until: 15\/Jan\/2038<br>Serial #: 03:3A:F1:E6:A7:11:A9:A0:BB:28:64:B1:1D:09:FA:E5<br>SHA1 Fingerprint: DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4<br>SHA256 Fingerprint: CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F<\/em><\/p>\n\n\n\n<p><em>\uff08D\uff09DigiCert Global Root G3<br>Valid until: 15\/Jan\/2038<br>Serial #: 05:55:56:BC:F2:5E:A4:35:35:C3:A4:0F:D5:AB:45:72<br>SHA1 Fingerprint: 7E:04:DE:89:6A:3E:66:6D:00:E6:87:D3:3F:FA:D9:3B:E8:3D:34:9E<br>SHA256 Fingerprint: 31:AD:66:48:F8:10:41:38:C7:38:F3:9E:A4:32:01:33:39:3E:3A:18:CC:02:29:6E:F9:7C:2A:C9:EF:67:31:D0<\/em><\/p>\n\n\n\n<p>\uff082\uff09\u5b89\u88c5\u5e76\u4f7f\u7528ca-certificates\u5de5\u5177\uff0c\u5c06\u4e0a\u8ff0\u6587\u4ef6\u66f4\u65b0\u5230CentOS 6\u7684\u6839CA\u8bc1\u4e66\u5217\u8868\u4e2d\u3002<\/p>\n\n\n\n<p>\u8be6\u7ec6\u65b9\u6cd5\u8be6\u89c1\uff1a<a href=\"https:\/\/www.orztip.com\/?p=449\" data-type=\"URL\" data-id=\"https:\/\/www.orztip.com\/?p=449\" target=\"_blank\" rel=\"noreferrer noopener\">\u300aCentOS\u6dfb\u52a0\u6839\u8bc1\u4e66\uff08\u6839CA\u8bc1\u4e66\uff09\u7684\u65b9\u6cd5\u300b<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u95ee\u9898\uff1a CentOS 6\u8bbf\u95ee\u90e8\u5206HTTPS\u7f51\u7ad9\u65f6\uff0cCurl\u62a5\u201cNSS error -8179\u201d\u3001wget\u65e0\u6cd5\u4e0b&hellip; <a class=\"more-link\" href=\"https:\/\/www.orztip.com\/?p=452&#038;article_title=centos-6-curl-nss-error-8179-with-digicert-ca\">\u7ee7\u7eed\u9605\u8bfb<span class=\"screen-reader-text\">\u5982\u4f55\u89e3\u51b3CentOS 6\u65e0\u6cd5\u8bc6\u522bDigiCert\u6839CA\u8bc1\u4e66\u5bfc\u81f4Curl\u62a5\u201cNSS error -8179\u201d\u3001wget\u65e0\u6cd5\u4e0b\u8f7d\u95ee\u9898\uff1f<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7,6],"tags":[13,100],"_links":{"self":[{"href":"https:\/\/www.orztip.com\/index.php?rest_route=\/wp\/v2\/posts\/452"}],"collection":[{"href":"https:\/\/www.orztip.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.orztip.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.orztip.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.orztip.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=452"}],"version-history":[{"count":4,"href":"https:\/\/www.orztip.com\/index.php?rest_route=\/wp\/v2\/posts\/452\/revisions"}],"predecessor-version":[{"id":456,"href":"https:\/\/www.orztip.com\/index.php?rest_route=\/wp\/v2\/posts\/452\/revisions\/456"}],"wp:attachment":[{"href":"https:\/\/www.orztip.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.orztip.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=452"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.orztip.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}