使用curl访问https

近期在wosign申请一个OV证书，部署到nginx服务器中，通过浏览器访问，一切正常，但是在linux下用curl访问就会报告错误

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"

 of Certificate Authority (CA) public keys (CA certs). The default

 bundle is named curl-ca-bundle.crt; you can specify an alternate file

 using the --cacert option.

If this HTTPS server uses a certificate signed by a CA represented in

 the bundle, the certificate verification probably failed due to a

 problem with the certificate (it might be expired, or the name might

 not match the domain name in the URL).

If you'd like to turn off curl's verification of the certificate, use

 the -k (or --insecure) option.

很明显，验证证书的时候出现问题

经过原因查找，应该是本地ssl判别证书太旧，导致报ssl证书错误

下载新的ssl本地判别文件

wget http://curl.haxx.se/ca/cacert.pem

放到默认目录并更名为ca-bundle.crt   /etc/pki/tls/certs/ca-bundle.crt

或者curl  --cacert cacert.pem 方式指定调用

一切淡定~~~~~~