Centos SSL 过期问题三个解决方案

解决方案地址: http://www.megaleecher.net/SSL_Certificate_Verification_Error_in_Linux#axzz3P9axfRfp

返回错误信息如下:

fatal: unable to access 'https://github.com/gmarik/Vundle.vim.git/': SSL certificate problem, verify that the CA cert is OK. Details:

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The reason for the error is older version of CentOS 5.XX having expired certificate authority bundles, the root certificate bundle is located at :

/etc/pki/tls/certs/ca-bundle.crt

.

Solution One : Disable SSL for Github (Fastest)
Execute the command

git config --system http.sslVerify false

on console and retry connecting, this will simply bypass the SSL verification. Do mind that this can be dangerous from security point of view, SSL signature verification exists to safeguard against man in the middle attacks and this disables that safety feature. Use only when other solution's shared below does not work.

Solution Two : Update the CA certificate bundle (Recommended)
Use

yum update openssl

or equivalent command to get the latest version of OpenSSL library which will renew the working set of CA certificates (ca-bundle.crt).

Solution Three : Replace the old CA certificate's using cURL
Use curl and replace the certificate bundle with new ones using

curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt

Read more: Fixing the "error: SSL certificate problem, verify that the CA cert is OK" Error On Linux | Megaleecher.Net http://www.megaleecher.net/SSL_Certificate_Verification_Error_in_Linux#ixzz3P9bZrWZi