개발서버에 공인 인증서를 설치하는 것은 부담스럽다. 따라서 10년에서 30년짜리 사설 인증서를 일반적으로 따로 설치해서 사용한다. 

curl로 https 요청하면  SSL certificate problem: Invalid certificate chain 에러가 발생한다.


$> curl 'https:/1.1.1.1/aaaaa'


curl: (60) SSL certificate problem: Invalid certificate chain

More details here: http://curl.haxx.se/docs/sslcerts.html


curl performs SSL certificate verification by default, using a "bundle"

 of Certificate Authority (CA) public keys (CA certs). If the default

 bundle file isn't adequate, you can specify an alternate file

 using the --cacert option.

If this HTTPS server uses a certificate signed by a CA represented in

 the bundle, the certificate verification probably failed due to a

 problem with the certificate (it might be expired, or the name might

 not match the domain name in the URL).

If you'd like to turn off curl's verification of the certificate, use

 the -k (or --insecure) option.




쉽게 해결하려면 -k 추가 하면 된다. insecure 하게 통신하게 하도록 하도록 옵션을 주다. 


-k, --insecure

(SSL) This option explicitly allows curl to perform "insecure" SSL connections and transfers. All SSL connections are attempted to be made secure by using the CA certificate bundle installed by default. This makes all connections considered "insecure" fail unless -k, --insecure is used.

See this online resource for further details: http://curl.haxx.se/docs/sslcerts.html



$> curl  -k 'https:/1.1.1.1/aaaaa'



Posted by '김용환'
,