[jonathan@pd920 ca]$ curl --cert ClientCA.pem https://localhost/t.txt
Enter PEM pass phrase: <-- 輸入 ClientCA 的密碼
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
[jonathan@pd920 ca]$
[jonathan@pd920 ca]$ curl --insecure --cert ClientCA.pem https://localhost/t.txt
Enter PEM pass phrase: <-- 輸入 ClientCA 的密碼
test
[jonathan@pd920 jonathan]$ curl --conf testcurl.conf -v
* About to connect() to mail.ichiayi.com port 443
* Trying 220.130.131.239... connected
* Connected to mail.ichiayi.com (220.130.131.239) port 443
* successfully set certificate verify locations:
* CAfile: RootCA.crt
CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Request CERT (13):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS handshake, CERT verify (15):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: /C=TW/ST=Taiwan/L=Taipei/O=Trysoft Corp./CN=mail.ichiayi.com/[email protected]
* start date: 2008-08-19 09:15:22 GMT
* expire date: 2010-08-19 09:15:22 GMT
* common name: mail.ichiayi.com (matched)
* issuer: /C=TW/ST=Taiwan/L=Taipei/O=Trysoft Corp./[email protected]
* SSL certificate verify ok.
> GET /t.txt HTTP/1.1
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: mail.ichiayi.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Fri, 22 Aug 2008 02:04:49 GMT
< Server: Apache/2.2.3 (CentOS)
< Last-Modified: Thu, 14 Aug 2008 09:26:22 GMT
< ETag: "2304c2-5-4546819248b80"
< Accept-Ranges: bytes
< Content-Length: 5
< Vary: Accept-Encoding
< Connection: close
< Content-Type: text/plain; charset=UTF-8
test
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):