I am on a Windows machine, running Docker. The Docker image is FROM php:7.3-apache, with
System: Linux b6df004de9df 4.9.184-linuxkit #1 SMP Tue Jul 2 22:58:16 UTC 2019 x86_64
Composer version 1.9.0 2019-08-02 has been installed successfully in this container.
Now I went into the container's bash and typed the command $ composer init, which ran successfully and initialized Composer. However, the command $ composer install gave an error:
[Composer\Downloader\TransportException] The "https://repo.packagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed Failed to enable crypto failed to open stream: operation failed
As I can see, it is an OpenSSL certificate error, so I tried to get the exact error:
root@b6df004de9df:/var/www/html/my_JSON_proj# openssl s_client -connect www.google.com:443
CONNECTED(00000003)
depth=2 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscalertwo.net), emailAddress = [email protected]
verify error:num=20:unable to get local issuer certificate
To confirm, I tried again:
root@b6df004de9df:/var/www/html/my_JSON_proj# curl https://google.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
OpenSSL version: OpenSSL 1.1.0k 28 May 2019
Output of openssl_get_cert_locations():
array(8) {
["default_cert_file"]=> "/usr/lib/ssl/cert.pem"
["default_cert_file_env"]=> "SSL_CERT_FILE"
["default_cert_dir"]=> "/usr/lib/ssl/certs"
["default_cert_dir_env"]=> "SSL_CERT_DIR"
["default_private_dir"]=> "/usr/lib/ssl/private"
["default_default_cert_area"]=> "/usr/lib/ssl"
["ini_cafile"]=> ""
["ini_capath"]=> ""
}
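So, to solve this problem, here are the solutions I have tried:
I created my localhost certificate, reference: https://www.digicert.com/ssl-support/openssl-quick-reference-guide.htm#:~:targetText=OpenSSL%20is%20an%20open%2Dsource,and%20how%20to%20use%20them. But I was not sure where to put it, so I placed that certificate in the
/usr/local/share/ca-certificates/
folder and tried.
Edited my /usr/local/etc/php/php.ini PHP configuration file to add:
curl.cainfo="/usr/local/share/ca-certificates/localhost.pem"
openssl.cafile = "/usr/local/share/ca-certificates/localhost.pem"
Only to find the same error. I have had no luck with anything I tried. I have scanned literally almost every Stack Overflow post related to curl, OpenSSL, SSL, Docker, etc., but could not find an answer.
Further updates and findings
wget http://curl.haxx.se/ca/cacert.pem
An insecure way to download the pem file, and the output was:
root@b6df004de9df:/usr/local/etc/openssl# wget http://curl.haxx.se/ca/cacert.pem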
--2019-11-08 10:21:30-- http://curl.haxx.se/ca/cacert.pem
Resolving curl.haxx.se (curl.haxx.se)... 151.101.38.49, 2a04:4e42:9::561
Connecting to curl.haxx.se (curl.haxx.se)|151.101.38.49|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://curl.haxx.se/ca/cacert.pem [following]
--2019-11-08 10:21:31-- https://curl.haxx.se/ca/cacert.pem
Connecting to curl.haxx.se (curl.haxx.se)|151.101.38.49|:443... connected.
ERROR: The certificate of 'curl.haxx.se' is not trusted.
ERROR: The certificate of 'curl.haxx.se' hasn't got a known issuer.
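curl.cainfo: /usr/local/etc/openssl/cacert.pem
& openssl.cafile: /usr/local/etc/openssl/cacert.pem
Still - curl: (60) SSL certificate problem: unable to get local issuer certificate
As per openssl_get_cert_locations(), updated curl.cainfo and openssl.cafile in php.ini with "/usr/lib/ssl/cert.pem", as that is its "default_cert_file". Restarted the Apache server. Tried
curl https://www.google.com
- still curl: (60) SSL certificate problem: unable to get local issuer certificate
/usr/local/ssl. Created a cacert.pem file in that folder. Updated the curl.cainfo and openssl.cafile entries in php.ini with this new path. To be on the safe side, just in case, ran update-ca-certificates --fresh. Restarted the Apache server. Tried curl https://www.google.com
- still curl: (60) SSL certificate problem: unable to get local issuer certificate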
root@b6df004de9df:/usr/lib/ssl/certs# curl https://thawte.com
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
root@b6df004de9df:/usr/lib/ssl/certs# openssl s_client -connect thawte.com:443
CONNECTED(00000003)
depth=2 C = US, ST = California, O = Zscaler Inc., OU = Zscaler Inc., CN = Zscaler Intermediate Root CA (zscalertwo.net)
, emailAddress = [email protected]
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
0 s:/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Utah/serialNumber=5299537-0142/C=US/ST=Utah/
L=Lehi/O=DigiCert, Inc./OU=IT/CN=thawte.com
i:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net) (t)
1 s:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net) (t)
i:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net)/emailAddress=su
[email protected]
2 s:/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net)/emailAddress=su
[email protected]
i:/C=US/ST=California/L=San Jose/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Root CA/[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGpzCCBY+gAwIBAgIQv2zANBgkqhkiG9w0XcVFbs+k59YwRwR4v+pBAQsFADCB
jTELMAkMxEzARBgNVBAgGA1UEBhMCVVTCkNhbGlmb3JuaWExFTATBgNVBAoTDFpz
... few more lines ...
vxrc40H5bMPW/NgnBjRtUEPnAx9b3ll/sj3KfhbxU0bgnEYNMLb+nwnK6NDZRFpC
5E3fG+TFc9ehaBcF5xWttKz28Wr2nUUhMLhC
-----END CERTIFICATE-----
subject=/businessCategory=Private Organization/jurisdictionC=US/jurisdictionST=Utah/serialNumber=5299537-0142/C=US/ST=Ut
ah/L=Lehi/O=DigiCert, Inc./OU=IT/CN=thawte.com
issuer=/C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalertwo.net) (t)
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4270 bytes and written 326 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.0, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-SHA
Session-ID:
Session-ID-ctx:
Master-Key: 06D54188D4F60C7746664262F72361EFE8DC728E9D37FDB25641A28C226DE83C3C574C781A0E4A268A7AEB6187EF54BF
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1573209517
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
Extended master secret: no
---
read:errno=0
3. Using wget in insecure mode (not recommended) - with the flag --no-check-certificate
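An added example, not part of the original post: in the `openssl s_client` output above every certificate in the chain is issued by the inspecting proxy, so the CA the client has to trust is the issuer of the top-most chain entry. The sketch below uses hypothetical helper names (`top_issuer`, `cn_of`, `install_ca`) and a constructed sample; it extracts that issuer and shows the Debian trust-store convention of installing a CA as a `.crt` file.

```shell
#!/bin/sh
# Constructed sample in the OpenSSL 1.1.0 s_client layout (not real output).
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/O=Example Site/CN=www.example.com
   i:/C=US/O=Example Corp/CN=Example Proxy Intermediate CA (t)
 1 s:/C=US/O=Example Corp/CN=Example Proxy Intermediate CA (t)
   i:/C=US/O=Example Corp/CN=Example Proxy Intermediate CA
 2 s:/C=US/O=Example Corp/CN=Example Proxy Intermediate CA
   i:/C=US/O=Example Corp/CN=Example Proxy Root CA
---
Server certificate
EOF
}

# Read s_client output on stdin and print the issuer of the highest-numbered
# certificate in the "Certificate chain" section: the CA the client must trust.
top_issuer() {
    awk '
        /^Certificate chain/  { in_chain = 1; next }
        in_chain && /^---/    { in_chain = 0 }
        in_chain && /^[ ]*i:/ { sub(/^[ ]*i:/, ""); last = $0 }
        END { print last }
    '
}

# Extract the CN from a one-line "/"-separated OpenSSL name on stdin.
cn_of() { sed -n 's|.*/CN=\([^/]*\).*|\1|p'; }

# Install a PEM CA certificate into the Debian/Ubuntu system trust store.
# update-ca-certificates only picks up files ending in .crt under
# /usr/local/share/ca-certificates. Defined here but not called by this script.
install_ca() {
    src=$1; name=$2
    # Refuse anything that is not marked as a CA certificate.
    openssl x509 -in "$src" -noout -text | grep -q 'CA:TRUE' || {
        echo "not a CA certificate: $src" >&2; return 1; }
    cp "$src" "/usr/local/share/ca-certificates/$name.crt" && update-ca-certificates
}

# Demo on the constructed sample.
echo "CA to obtain and trust: $(sample_output | top_issuer | cn_of)"
```

`install_ca` has to run as root inside the container, with the CA file obtained from whoever operates the proxy.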