第三方中间证书链出现 ONTAP S3" 无法获取本地颁发者证书 " 错误

最后更新
另存为PDF

Views:: 11

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core<a>2008703265</a>

Last Updated:

适用场景

ONTAP S3
签名证书
ONTAP 9.7 及更高版本

问题描述

使用第三方签名证书链时， ONTAP S3 服务器不会发送整个证书链，因此验证失败：

# curl -I https://<URL/ -v * Expire in 0 ms for 6 (transfer 0x5623be65fdd0) ... * Expire in 0 ms for 1 (transfer 0x5623be65fdd0) * Trying 172.16.XX.XX... * TCP_NODELAY set * Expire in 200 ms for 4 (transfer 0x5623be65fdd0) * Connected to s3.local (172.16.XX.XX) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: unable to get local issuer certificate * Closing connection 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.