I get the following error running curl https://npmjs.org/install.sh | sh on Mac OSX 10.9 (Mavericks):
我在Mac OSX 10.9 (Mavericks)上运行curl https://npmjs.org/install.sh | sh会出现以下错误:
install npm@latest
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
How do I fix this?
我怎么修复这个?
8 个解决方案
#1
65
Using the Safari browser (not Chrome, Firefox or Opera) on Mac OS X 10.9 (Mavericks) visit https://registry.npmjs.org
在Mac OS X 10.9 (Mavericks)上使用Safari浏览器(不是Chrome、Firefox或Opera)访问https://registry.npmjs.org。
Click the Show certificate button and then check the checkbox labelled Always trust. Then click Continue and enter your password if required.
单击Show certificate按钮,然后选中标有“始终信任”的复选框。然后单击“继续”并输入密码(如果需要的话)。
Curl should now work with that URL correctly.
Curl现在应该正确处理该URL。
#2
17
The problem is an expired intermediate certificate that is no longer used and must be deleted. Here is a blog post from Digicert explaining the issue and how to resolve it.
问题是一个过期的中间证书,它不再被使用,并且必须被删除。这是Digicert的一篇博客文章,解释这个问题以及如何解决它。
https://blog.digicert.com/expired-intermediate-certificate/
https://blog.digicert.com/expired-intermediate-certificate/
I was seeing the issue with Github not loading via SSL in both Safari and the command line with git pull. Once I deleted the old expired cert everything was fine.
我看到Github在Safari和命令行中都没有通过SSL加载git。一旦我删除了过期的证书,一切都很好。
#3
13
First off, you should be wary of urls that throw SSL errors. That being said, you can suppress certificate errors in curl with
首先,您应该警惕抛出SSL错误的url。也就是说,可以用curl来抑制证书错误
curl -k https://insecure.url/content-i-really-really-trust
#4
8
After updating to OS X 10.9.2, I started having invalid SSL certificate issues with Homebrew, Textmate, RVM, and Github.
在更新到OS X 10.9.2之后,我开始在Homebrew、Textmate、RVM和Github上出现无效的SSL证书问题。
When I initiate a brew update, I was getting the following error:
当我启动brew更新时,我得到了以下错误:
fatal: unable to access 'https://github.com/Homebrew/homebrew/': SSL certificate problem: Invalid certificate chain
Error: Failure while executing: git pull -q origin refs/heads/master:refs/remotes/origin/master
I was able to alleviate some of the issue by just disabling the SSL verification in Git. From the console (a.k.a. shell or terminal):
通过在Git中禁用SSL验证,我减轻了一些问题。从控制台(即shell或终端):
git config --global http.sslVerify false
I am leary to recommend this because it defeats the purpose of SSL, but it is the only advice I've found that works in a pinch.
我不建议这样做,因为它违背了SSL的目的,但这是我发现的惟一有用的建议。
I tried rvm osx-ssl-certs update all which stated Already are up to date.
我尝试了rvm osx-ssl-certs更新所有已经声明的更新。
In Safari, I visited https://github.com and attempted to set the certificate manually, but Safari did not present the options to trust the certificate.
在Safari中,我访问了https://github.com并尝试手动设置证书,但是Safari没有提供信任证书的选项。
Ultimately, I had to Reset Safari (Safari->Reset Safari... menu). Then afterward visit github.com and select the certificate, and "Always trust" This feels wrong and deletes the history and stored passwords, but it resolved my SSL verification issues. A bittersweet victory.
最终,我不得不重置Safari (Safari->重置Safari)。菜单)。然后访问github.com并选择证书,“始终信任”这让人感觉不对,并删除历史和存储的密码,但它解决了我的SSL验证问题。苦乐参半的胜利。
#5
3
Another cause of this can be duplicate keys in your KeyChain. I've seen this problem on two macs where there were duplicate "DigiCert High Assurance EV Root CA". One was in the login keychain, the other in the system one. Removing the certificate from the login keychain solved the problem.
另一个原因可能是密钥链中的重复密钥。我在两个mac上见过这个问题,那里有重复的“DigiCert高保证EV根CA”。一个在登录键链中,另一个在系统键链中。从登录密钥链中删除证书解决了这个问题。
This affected Safari browser as well as git on the command line.
这影响了Safari浏览器和命令行上的git。
#6
3
NOTE: This answer obviously defeats the purpose of SSL and should be used sparingly as a last resort.
注意:这个答案显然违背了SSL的目的,应该谨慎地使用它作为最后的手段。
For those having issues with scripts that download scripts that download scripts and want a quick fix, create a file called ~/.curlrc
对于那些使用脚本下载脚本下载脚本并希望快速修复的人来说,创建一个名为~/.curlrc的文件。
With the contents
与内容
--insecure
This will cause curl to ignore SSL certificate problems by default.
这将导致curl默认忽略SSL证书问题。
Make sure you delete the file when done.
确保在完成后删除文件。
UPDATE
更新
12 days later I got notified of an upvote on this answer, which made me go "Hmmm, did I follow my own advice remember to delete that .curlrc?", and discovered I hadn't. So that really underscores how easy it is to leave your curl insecure by following this method.
12天后,我被告知对这个答案进行了向上投票,这让我说:“嗯,我按照我自己的建议去做了吗?记得删除那个。curlrc?”发现我没有。这就强调了用这种方法让你的卷发不安全是多么容易。
#7
1
I started seeing this error after installing the latest command-line tools update (6.1) on Yosemite (10.10.1). In this particular case, a reboot of the system fixed the error (I had not rebooted since the update).
在Yosemite(10.10.1)上安装最新的命令行工具更新(6.1)后,我开始看到这个错误。在这个特殊的例子中,系统的重新启动修复了错误(自更新以来我没有重新启动)。
Mentioning this in case anyone with the same problem comes across this page, like I did.
如果有任何有同样问题的人出现在这一页上,就像我一样。
#8
0
After attempting all of the above solutions to eliminate the "curl: (60) SSL certificate problem: unable to get local issuer certificate" error, the solution that finally worked for me on OSX 10.9 was:
在尝试了上述所有解决方案以消除“curl: (60) SSL证书问题:无法获得本地发行者证书”错误之后,最终在OSX 10.9上对我起作用的解决方案是:
-
Locate the curl certificate PEM file location 'curl-config --ca' -- > /usr/local/etc/openssl/cert.pem
查找curl证书PEM文件的位置“curl-config——ca”——> /usr/local/etc/ openssls /cert. PEM
-
Use the folder location to identify the PEM file 'cd /usr/local/etc/openssl'
使用文件夹位置标识PEM文件“cd /usr/local/etc/openssl”
-
Create a backup of the cert.pem file 'cp cert.pem cert_pem.bkup'
创建cert.pem文件的备份'cp .pem cert_pem.bkup'
-
Download the updated Certificate file from the curl website 'sudo wget http://curl.haxx.se/ca/cacert.pem'
从curl网站“sudo wget”下载更新后的证书文件:http://curl.haxx.se/ca/cacert.pem
-
Copy the downloaded PEM file to replace the old PEM file 'cp cacert.pem cert.pem'
复制下载的PEM文件以替换旧的PEM文件'cp cacert。pem cert.pem”
This is a modified version of a solution posted to correct the same issue in Ubuntu found here:
这是一个修改版的解决方案,在Ubuntu中发现了相同的问题:
https://serverfault.com/questions/151157/ubuntu-10-04-curl-how-do-i-fix-update-the-ca-bundle
https://serverfault.com/questions/151157/ubuntu-10-04-curl-how-do-i-fix-update-the-ca-bundle
#1
65
Using the Safari browser (not Chrome, Firefox or Opera) on Mac OS X 10.9 (Mavericks) visit https://registry.npmjs.org
在Mac OS X 10.9 (Mavericks)上使用Safari浏览器(不是Chrome、Firefox或Opera)访问https://registry.npmjs.org。
Click the Show certificate button and then check the checkbox labelled Always trust. Then click Continue and enter your password if required.
单击Show certificate按钮,然后选中标有“始终信任”的复选框。然后单击“继续”并输入密码(如果需要的话)。
Curl should now work with that URL correctly.
Curl现在应该正确处理该URL。
#2
17
The problem is an expired intermediate certificate that is no longer used and must be deleted. Here is a blog post from Digicert explaining the issue and how to resolve it.
问题是一个过期的中间证书,它不再被使用,并且必须被删除。这是Digicert的一篇博客文章,解释这个问题以及如何解决它。
https://blog.digicert.com/expired-intermediate-certificate/
https://blog.digicert.com/expired-intermediate-certificate/
I was seeing the issue with Github not loading via SSL in both Safari and the command line with git pull. Once I deleted the old expired cert everything was fine.
我看到Github在Safari和命令行中都没有通过SSL加载git。一旦我删除了过期的证书,一切都很好。
#3
13
First off, you should be wary of urls that throw SSL errors. That being said, you can suppress certificate errors in curl with
首先,您应该警惕抛出SSL错误的url。也就是说,可以用curl来抑制证书错误
curl -k https://insecure.url/content-i-really-really-trust
#4
8
After updating to OS X 10.9.2, I started having invalid SSL certificate issues with Homebrew, Textmate, RVM, and Github.
在更新到OS X 10.9.2之后,我开始在Homebrew、Textmate、RVM和Github上出现无效的SSL证书问题。
When I initiate a brew update, I was getting the following error:
当我启动brew更新时,我得到了以下错误:
fatal: unable to access 'https://github.com/Homebrew/homebrew/': SSL certificate problem: Invalid certificate chain
Error: Failure while executing: git pull -q origin refs/heads/master:refs/remotes/origin/master
I was able to alleviate some of the issue by just disabling the SSL verification in Git. From the console (a.k.a. shell or terminal):
通过在Git中禁用SSL验证,我减轻了一些问题。从控制台(即shell或终端):
git config --global http.sslVerify false
I am leary to recommend this because it defeats the purpose of SSL, but it is the only advice I've found that works in a pinch.
我不建议这样做,因为它违背了SSL的目的,但这是我发现的惟一有用的建议。
I tried rvm osx-ssl-certs update all which stated Already are up to date.
我尝试了rvm osx-ssl-certs更新所有已经声明的更新。
In Safari, I visited https://github.com and attempted to set the certificate manually, but Safari did not present the options to trust the certificate.
在Safari中,我访问了https://github.com并尝试手动设置证书,但是Safari没有提供信任证书的选项。
Ultimately, I had to Reset Safari (Safari->Reset Safari... menu). Then afterward visit github.com and select the certificate, and "Always trust" This feels wrong and deletes the history and stored passwords, but it resolved my SSL verification issues. A bittersweet victory.
最终,我不得不重置Safari (Safari->重置Safari)。菜单)。然后访问github.com并选择证书,“始终信任”这让人感觉不对,并删除历史和存储的密码,但它解决了我的SSL验证问题。苦乐参半的胜利。
#5
3
Another cause of this can be duplicate keys in your KeyChain. I've seen this problem on two macs where there were duplicate "DigiCert High Assurance EV Root CA". One was in the login keychain, the other in the system one. Removing the certificate from the login keychain solved the problem.
另一个原因可能是密钥链中的重复密钥。我在两个mac上见过这个问题,那里有重复的“DigiCert高保证EV根CA”。一个在登录键链中,另一个在系统键链中。从登录密钥链中删除证书解决了这个问题。
This affected Safari browser as well as git on the command line.
这影响了Safari浏览器和命令行上的git。
#6
3
NOTE: This answer obviously defeats the purpose of SSL and should be used sparingly as a last resort.
注意:这个答案显然违背了SSL的目的,应该谨慎地使用它作为最后的手段。
For those having issues with scripts that download scripts that download scripts and want a quick fix, create a file called ~/.curlrc
对于那些使用脚本下载脚本下载脚本并希望快速修复的人来说,创建一个名为~/.curlrc的文件。
With the contents
与内容
--insecure
This will cause curl to ignore SSL certificate problems by default.
这将导致curl默认忽略SSL证书问题。
Make sure you delete the file when done.
确保在完成后删除文件。
UPDATE
更新
12 days later I got notified of an upvote on this answer, which made me go "Hmmm, did I follow my own advice remember to delete that .curlrc?", and discovered I hadn't. So that really underscores how easy it is to leave your curl insecure by following this method.
12天后,我被告知对这个答案进行了向上投票,这让我说:“嗯,我按照我自己的建议去做了吗?记得删除那个。curlrc?”发现我没有。这就强调了用这种方法让你的卷发不安全是多么容易。
#7
1
I started seeing this error after installing the latest command-line tools update (6.1) on Yosemite (10.10.1). In this particular case, a reboot of the system fixed the error (I had not rebooted since the update).
在Yosemite(10.10.1)上安装最新的命令行工具更新(6.1)后,我开始看到这个错误。在这个特殊的例子中,系统的重新启动修复了错误(自更新以来我没有重新启动)。
Mentioning this in case anyone with the same problem comes across this page, like I did.
如果有任何有同样问题的人出现在这一页上,就像我一样。
#8
0
After attempting all of the above solutions to eliminate the "curl: (60) SSL certificate problem: unable to get local issuer certificate" error, the solution that finally worked for me on OSX 10.9 was:
在尝试了上述所有解决方案以消除“curl: (60) SSL证书问题:无法获得本地发行者证书”错误之后,最终在OSX 10.9上对我起作用的解决方案是:
-
Locate the curl certificate PEM file location 'curl-config --ca' -- > /usr/local/etc/openssl/cert.pem
查找curl证书PEM文件的位置“curl-config——ca”——> /usr/local/etc/ openssls /cert. PEM
-
Use the folder location to identify the PEM file 'cd /usr/local/etc/openssl'
使用文件夹位置标识PEM文件“cd /usr/local/etc/openssl”
-
Create a backup of the cert.pem file 'cp cert.pem cert_pem.bkup'
创建cert.pem文件的备份'cp .pem cert_pem.bkup'
-
Download the updated Certificate file from the curl website 'sudo wget http://curl.haxx.se/ca/cacert.pem'
从curl网站“sudo wget”下载更新后的证书文件:http://curl.haxx.se/ca/cacert.pem
-
Copy the downloaded PEM file to replace the old PEM file 'cp cacert.pem cert.pem'
复制下载的PEM文件以替换旧的PEM文件'cp cacert。pem cert.pem”
This is a modified version of a solution posted to correct the same issue in Ubuntu found here:
这是一个修改版的解决方案,在Ubuntu中发现了相同的问题:
https://serverfault.com/questions/151157/ubuntu-10-04-curl-how-do-i-fix-update-the-ca-bundle
https://serverfault.com/questions/151157/ubuntu-10-04-curl-how-do-i-fix-update-the-ca-bundle