gpt4 book ai didi

ubuntu - 通过 cURL 发送 Pushkit 通知 - curl : (60) SSL certificate problem: unable to get local issuer certificate

转载 作者:行者123 更新时间:2023-12-04 19:07:14 30 4
gpt4 key购买 nike

我用 cURL向 Apple 发送 pushkit 通知。我的 Rails 代码如下所示:curl --http2 -v -d '#{payload.to_json}' --cert #{pem} #{pushkit_base_uri}/#{registration_id}自 20201 年 1 月 19 日以来,在 Ubuntu 上运行此命令一直返回以下内容:

...
...
...

* SSL certificate problem: unable to get local issuer certificate
* stopped the pause stream!
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
到目前为止,我已经尝试了以下解决方案:
  • update-ca-certificates (文档 here )
  • 列出的解决方案here

  • 我还不能让它工作。任何帮助表示赞赏,如果我找到解决方案,我会更新这篇文章。

    最佳答案

    滚动到 TLDR 的末尾;
    通过运行 awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' < /etc/ssl/certs/ca-certificates.crt | less我们能够查看我们的操作系统信任的所有权限的列表。

    ...
    ...
    ...
    subject=C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
    subject=C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA 2
    subject=C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008
    subject=C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
    subject=O = "Cybertrust, Inc", CN = Cybertrust Global Root
    subject=C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 2009
    subject=C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009
    subject=O = Digital Signature Trust Co., CN = DST Root CA X3
    ...
    ...
    ...
    通过打开 api.push.apple.com在 Firefox 中,我们可以检查他们的证书。
    Apple Certificate Details on Firefox
    根据您的浏览器上次更新它的 CA 商店的时间,该站点可能显示为安全的,也可能不显示为安全的。我们看到 Apple IST CA 2 - G1证书由 GeoTrust Global CA 颁发.在我们的操作系统中搜索受信任的 CA 列表时,这两个术语都不会返回任何结果。
    解决问题,我们可以下载 api-push-apple-com-chain.pem女仆由 Firefox 提供,然后在制作我们的 cURL 时使用它请求为: curl --cacert '#{ca_cert}' --http2 -v -d ...虽然这解决了我们的问题并且我们的请求成功了,但我们可以继续尝试了解为什么这个问题开始出现。看 /etc/ca-certificates.conf我们发现有几个 GeoTrust CA 被标记为不可信。 (注意行首的爆炸声)
    ...
    ...
    !mozilla/GeoTrust_Global_CA.crt
    !mozilla/GeoTrust_Primary_Certification_Authority.crt
    mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt
    !mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt
    !mozilla/GeoTrust_Universal_CA.crt
    !mozilla/GeoTrust_Universal_CA_2.crt
    ...
    ...
    在一些谷歌搜索中,我们发现了这个 ticket这个 wiki .

    In accordance with the consensus proposal that was adopted in 2017, Mozilla began to distrust Symantec (including GeoTrust, RapidSSL, and Thawte) certificates issued before 1-June 2016 starting in Firefox 60, and plans to distrust Symantec certificates regardless of the date of issuance starting in Firefox 64, unless they are issued by whitelisted subordinate CAs that have the following SHA-256 Subject Public Key hashes (subjectPublicKeyInfo):


    它还包括列入白名单的 Apple 证书列表:
    c0554bde87a075ec13a61f275983ae023957294b454caf0a9724e3b21b7935bc
    56e98deac006a729afa2ed79f9e419df69f451242596d2aaf284c74a855e352e
    7289c06dedd16b71a7dcca66578572e2e109b11d70ad04c2601b6743bc66d07b
    fae46000d8f7042558541e98acf351279589f83b6d3001c18442e4403d111849
    b5cf82d47ef9823f9aa78f123186c52e8879ea84b0f822c91d83e04279b78fd5
    e24f8e8c2185da2f5e88d4579e817c47bf6eafbc8505f0f960fd5a0df4473ad3
    3174d9092f9531c06026ba489891016b436d5ec02623f9aafe2009ecc3e4d557
    这使我们可以在 Firefox 上安全地打开 URL。 (由于某种原因不在 Firefox 开发者版本上)
    TLDR:使用 attached file--cacert与您的 cURL命令。

    关于ubuntu - 通过 cURL 发送 Pushkit 通知 - curl : (60) SSL certificate problem: unable to get local issuer certificate,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/66098082/

    30 4 0
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com