为什么wget会提示证书无效，而得加上--no-check-certificate才能下载

博主： admin
发布时间：2023 年 11 月 29 日
37 次浏览
暂无评论
15229字数
分类： wget 应用软件网络安全 SSL

查看系统当前支持的证书包

# for centos
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' /etc/pki/tls/certs/ca-bundle.crt

# for ubuntu
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}'     /etc/ssl/certs/ca-certificates.crt

举例

当前，我的办公pc是deepin linux 20

当前的证书包内容

jacky@jacky-office:~/Downloads$ awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}'     /etc/ssl/certs/ca-certificates.crt
subject=CN = ACCVRAIZ1, OU = PKIACCV, O = ACCV, C = ES
subject=C = ES, O = FNMT-RCM, OU = AC RAIZ FNMT-RCM
subject=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
subject=C = US, O = AffirmTrust, CN = AffirmTrust Commercial
subject=C = US, O = AffirmTrust, CN = AffirmTrust Networking
subject=C = US, O = AffirmTrust, CN = AffirmTrust Premium
subject=C = US, O = AffirmTrust, CN = AffirmTrust Premium ECC
subject=C = US, O = Amazon, CN = Amazon Root CA 1
subject=C = US, O = Amazon, CN = Amazon Root CA 2
subject=C = US, O = Amazon, CN = Amazon Root CA 3
subject=C = US, O = Amazon, CN = Amazon Root CA 4
subject=CN = Atos TrustedRoot 2011, O = Atos, C = DE
subject=C = ES, CN = Autoridad de Certificacion Firmaprofesional CIF A62634068
subject=C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
subject=C = NO, O = Buypass AS-983163327, CN = Buypass Class 2 Root CA
subject=C = NO, O = Buypass AS-983163327, CN = Buypass Class 3 Root CA
subject=C = SK, L = Bratislava, O = Disig a.s., CN = CA Disig Root R2
subject=C = CN, O = China Financial Certification Authority, CN = CFCA EV ROOT
subject=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO Certification Authority
subject=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
subject=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
subject=C = FR, O = Dhimyotis, CN = Certigna
subject=C = FR, O = Dhimyotis, OU = 0002 48146308100036, CN = Certigna Root CA
subject=C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
subject=C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA 2
subject=C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008
subject=C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
subject=O = "Cybertrust, Inc", CN = Cybertrust Global Root
subject=C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 2009
subject=C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009
subject=O = Digital Signature Trust Co., CN = DST Root CA X3
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G2
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G3
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4
subject=C = TR, L = Ankara, O = E-Tu\C4\9Fra EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E., OU = E-Tugra Sertifikasyon Merkezi, CN = E-Tugra Certification Authority
subject=C = ES, O = Agencia Catalana de Certificacio (NIF Q-0801176-I), OU = Serveis Publics de Certificacio, OU = Vegeu https://www.catcert.net/verarrel (c)03, OU = Jerarquia Entitats de Certificacio Catalanes, CN = EC-ACC
subject=C = EE, O = AS Sertifitseerimiskeskus, CN = EE Certification Centre Root CA, emailAddress = pki@sk.ee
subject=O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)
subject=C = US, O = "Entrust, Inc.", OU = www.entrust.net/CPS is incorporated by reference, OU = "(c) 2006 Entrust, Inc.", CN = Entrust Root Certification Authority
subject=C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2012 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - EC1
subject=C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2009 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G2
subject=C = US, O = "Entrust, Inc.", OU = See www.entrust.net/legal-terms, OU = "(c) 2015 Entrust, Inc. - for authorized use only", CN = Entrust Root Certification Authority - G4
subject=C = CN, O = "GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.", CN = GDCA TrustAUTH R5 ROOT
subject=C = US, O = Google Trust Services LLC, CN = GTS Root R1
subject=C = US, O = Google Trust Services LLC, CN = GTS Root R2
subject=C = US, O = Google Trust Services LLC, CN = GTS Root R3
subject=C = US, O = Google Trust Services LLC, CN = GTS Root R4
subject=C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
subject=C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority
subject=C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2
subject=C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3
subject=C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA
subject=C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA 2
subject=OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign
subject=OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
subject=C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
subject=OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
subject=OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
subject=OU = GlobalSign Root CA - R6, O = GlobalSign, CN = GlobalSign
subject=C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008
subject=C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
subject=C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
subject=C = GR, L = Athens, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions ECC RootCA 2015
subject=C = GR, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2011
subject=C = GR, L = Athens, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2015
subject=C = HK, O = Hongkong Post, CN = Hongkong Post Root CA 1
subject=C = HK, ST = Hong Kong, L = Hong Kong, O = Hongkong Post, CN = Hongkong Post Root CA 3
subject=C = US, O = Internet Security Research Group, CN = ISRG Root X1
subject=C = US, O = IdenTrust, CN = IdenTrust Commercial Root CA 1
subject=C = US, O = IdenTrust, CN = IdenTrust Public Sector Root CA 1
subject=C = ES, O = IZENPE S.A., CN = Izenpe.com
subject=C = LU, O = LuxTrust S.A., CN = LuxTrust Global Root 2
subject=C = HU, L = Budapest, O = Microsec Ltd., CN = Microsec e-Szigno Root CA 2009, emailAddress = info@e-szigno.hu
subject=C = HU, L = Budapest, O = NetLock Kft., OU = Tan\C3\BAs\C3\ADtv\C3\A1nykiad\C3\B3k (Certification Services), CN = NetLock Arany (Class Gold) F\C5\91tan\C3\BAs\C3\ADtv\C3\A1ny
subject=C = US, O = Network Solutions L.L.C., CN = Network Solutions Certificate Authority
subject=C = CH, O = WISeKey, OU = Copyright (c) 2005, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GA CA
subject=C = CH, O = WISeKey, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GB CA
subject=C = CH, O = WISeKey, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GC CA
subject=C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority
subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 1 G3
subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2
subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 G3
subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3
subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3 G3
subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com EV Root Certification Authority ECC
subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com EV Root Certification Authority RSA R2
subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com Root Certification Authority ECC
subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com Root Certification Authority RSA
subject=C = PL, O = Krajowa Izba Rozliczeniowa S.A., CN = SZAFIR ROOT CA2
subject=C = JP, O = "Japan Certification Services, Inc.", CN = SecureSign RootCA11
subject=C = US, O = SecureTrust Corporation, CN = SecureTrust CA
subject=C = US, O = SecureTrust Corporation, CN = Secure Global CA
subject=C = JP, O = "SECOM Trust Systems CO.,LTD.", OU = Security Communication RootCA2
subject=C = JP, O = SECOM Trust.net, OU = Security Communication RootCA1
subject=C = FI, O = Sonera, CN = Sonera Class2 CA
subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden EV Root CA
subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2
subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G3
subject=C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
subject=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Root Certificate Authority - G2
subject=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
subject=C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2
subject=C = CH, O = SwissSign AG, CN = SwissSign Silver CA - G2
subject=C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
subject=C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 3
subject=C = TR, L = Gebze - Kocaeli, O = Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU = Kamu Sertifikasyon Merkezi - Kamu SM, CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
subject=C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA Global Root CA
subject=C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA Root Certification Authority
subject=C = TW, O = Government Root Certification Authority
subject=O = TeliaSonera, CN = TeliaSonera Root CA v1
subject=C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor ECA-1
subject=C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor RootCert CA-1
subject=C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor RootCert CA-2
subject=C = GB, O = Trustis Limited, OU = Trustis FPS Root CA
subject=C = CN, O = UniTrust, CN = UCA Extended Validation Root
subject=C = CN, O = UniTrust, CN = UCA Global G2 Root
subject=C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust ECC Certification Authority
subject=C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2007 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G4
subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2008 VeriSign, Inc. - For authorized use only", CN = VeriSign Universal Root Certification Authority
subject=C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 1999 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G3
subject=C = US, OU = www.xrampsecurity.com, O = XRamp Security Services Inc, CN = XRamp Global Certification Authority
subject=C = RO, O = certSIGN, OU = certSIGN ROOT CA
subject=C = TW, O = "Chunghwa Telecom Co., Ltd.", OU = ePKI Root Certification Authority
subject=C = US, OU = emSign PKI, O = eMudhra Inc, CN = emSign ECC Root CA - C3
subject=C = IN, OU = emSign PKI, O = eMudhra Technologies Limited, CN = emSign ECC Root CA - G3
subject=C = US, OU = emSign PKI, O = eMudhra Inc, CN = emSign Root CA - C1
subject=C = IN, OU = emSign PKI, O = eMudhra Technologies Limited, CN = emSign Root CA - G1
subject=C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2006 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA
subject=C = US, O = "thawte, Inc.", OU = "(c) 2007 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G2
subject=C = US, O = "thawte, Inc.", OU = Certification Services Division, OU = "(c) 2008 thawte, Inc. - For authorized use only", CN = thawte Primary Root CA - G3

然后，我尝试从Mozilla提供的证书包下载当前最新的

https://curl.se/ca/cacert-2023-08-22.pem

2023-11-29T06:37:57.png

wget --no-check-certificate https://curl.se/ca/cacert-2023-08-22.pem

2023-11-29T06:38:50.png

sudo mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.bak
sudo cp ~/Downloads/cacert-2023-08-22.pem /etc/ssl/certs/ca-certificates.crt

2023-11-29T06:39:58.png

对比新的老的整数包，发现新的会多4个。

jacky@jacky-office:~/Downloads$ awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}'     /etc/ssl/certs/ca-certificates.crt | wc -l
Could not read certificate from <stdin>
809BC38F157F0000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
141
jacky@jacky-office:~/Downloads$ awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}'     /etc/ssl/certs/ca-certificates.crt.bak | wc -l
137

2023-11-29T06:41:20.png

最后修改：2024 年 05 月 11 日

如果觉得我的文章对你有用，请随意赞赏

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

评论 *

私密评论

名称 *

🎲

邮箱 *

地址

为什么wget会提示证书无效，而得加上--no-check-certificate才能下载

admin • 2023 年 11 月 29 日

查看系统当前支持的证书包<pre><code># for centos
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' /etc/pki/tls/certs/ca-bundle.crt

# for ubuntu
awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' /etc/ssl/certs/ca-certificates.crt
</code></pre><h1>举例</h1>当前，我的办公pc是deepin linux 20当前的证书包内容<pre><code>jacky@jacky-office:~/Downloads$ awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' /etc/ssl/certs/ca-certificates.crt
subject=CN = ACCVRAIZ1, OU = PKIACCV, O = ACCV, C = ES
subject=C = ES, O = FNMT-RCM, OU = AC RAIZ FNMT-RCM
subject=C = IT, L = Milan, O = Actalis S.p.A./03358520967, CN = Actalis Authentication Root CA
subject=C = US, O = AffirmTrust, CN = AffirmTrust Commercial
subject=C = US, O = AffirmTrust, CN = AffirmTrust Networking
subject=C = US, O = AffirmTrust, CN = AffirmTrust Premium
subject=C = US, O = AffirmTrust, CN = AffirmTrust Premium ECC
subject=C = US, O = Amazon, CN = Amazon Root CA 1
subject=C = US, O = Amazon, CN = Amazon Root CA 2
subject=C = US, O = Amazon, CN = Amazon Root CA 3
subject=C = US, O = Amazon, CN = Amazon Root CA 4
subject=CN = Atos TrustedRoot 2011, O = Atos, C = DE
subject=C = ES, CN = Autoridad de Certificacion Firmaprofesional CIF A62634068
subject=C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
subject=C = NO, O = Buypass AS-983163327, CN = Buypass Class 2 Root CA
subject=C = NO, O = Buypass AS-983163327, CN = Buypass Class 3 Root CA
subject=C = SK, L = Bratislava, O = Disig a.s., CN = CA Disig Root R2
subject=C = CN, O = China Financial Certification Authority, CN = CFCA EV ROOT
subject=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO Certification Authority
subject=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO ECC Certification Authority
subject=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
subject=C = FR, O = Dhimyotis, CN = Certigna
subject=C = FR, O = Dhimyotis, OU = 0002 48146308100036, CN = Certigna Root CA
subject=C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
subject=C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA 2
subject=C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Chambers of Commerce Root - 2008
subject=C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
subject=O = &quot;Cybertrust, Inc&quot;, CN = Cybertrust Global Root
subject=C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 2009
subject=C = DE, O = D-Trust GmbH, CN = D-TRUST Root Class 3 CA 2 EV 2009
subject=O = Digital Signature Trust Co., CN = DST Root CA X3
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root CA
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G2
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Assured ID Root G3
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G3
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
subject=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Trusted Root G4
subject=C = TR, L = Ankara, O = E-Tu\C4\9Fra EBG Bili\C5\9Fim Teknolojileri ve Hizmetleri A.\C5\9E., OU = E-Tugra Sertifikasyon Merkezi, CN = E-Tugra Certification Authority
subject=C = ES, O = Agencia Catalana de Certificacio (NIF Q-0801176-I), OU = Serveis Publics de Certificacio, OU = Vegeu https://www.catcert.net/verarrel (c)03, OU = Jerarquia Entitats de Certificacio Catalanes, CN = EC-ACC
subject=C = EE, O = AS Sertifitseerimiskeskus, CN = EE Certification Centre Root CA, emailAddress = pki@sk.ee
subject=O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)
subject=C = US, O = &quot;Entrust, Inc.&quot;, OU = www.entrust.net/CPS is incorporated by reference, OU = &quot;(c) 2006 Entrust, Inc.&quot;, CN = Entrust Root Certification Authority
subject=C = US, O = &quot;Entrust, Inc.&quot;, OU = See www.entrust.net/legal-terms, OU = &quot;(c) 2012 Entrust, Inc. - for authorized use only&quot;, CN = Entrust Root Certification Authority - EC1
subject=C = US, O = &quot;Entrust, Inc.&quot;, OU = See www.entrust.net/legal-terms, OU = &quot;(c) 2009 Entrust, Inc. - for authorized use only&quot;, CN = Entrust Root Certification Authority - G2
subject=C = US, O = &quot;Entrust, Inc.&quot;, OU = See www.entrust.net/legal-terms, OU = &quot;(c) 2015 Entrust, Inc. - for authorized use only&quot;, CN = Entrust Root Certification Authority - G4
subject=C = CN, O = &quot;GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.&quot;, CN = GDCA TrustAUTH R5 ROOT
subject=C = US, O = Google Trust Services LLC, CN = GTS Root R1
subject=C = US, O = Google Trust Services LLC, CN = GTS Root R2
subject=C = US, O = Google Trust Services LLC, CN = GTS Root R3
subject=C = US, O = Google Trust Services LLC, CN = GTS Root R4
subject=C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
subject=C = US, O = GeoTrust Inc., CN = GeoTrust Primary Certification Authority
subject=C = US, O = GeoTrust Inc., OU = (c) 2007 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G2
subject=C = US, O = GeoTrust Inc., OU = (c) 2008 GeoTrust Inc. - For authorized use only, CN = GeoTrust Primary Certification Authority - G3
subject=C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA
subject=C = US, O = GeoTrust Inc., CN = GeoTrust Universal CA 2
subject=OU = GlobalSign ECC Root CA - R4, O = GlobalSign, CN = GlobalSign
subject=OU = GlobalSign ECC Root CA - R5, O = GlobalSign, CN = GlobalSign
subject=C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
subject=OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
subject=OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
subject=OU = GlobalSign Root CA - R6, O = GlobalSign, CN = GlobalSign
subject=C = EU, L = Madrid (see current address at www.camerfirma.com/address), serialNumber = A82743287, O = AC Camerfirma S.A., CN = Global Chambersign Root - 2008
subject=C = US, O = &quot;The Go Daddy Group, Inc.&quot;, OU = Go Daddy Class 2 Certification Authority
subject=C = US, ST = Arizona, L = Scottsdale, O = &quot;GoDaddy.com, Inc.&quot;, CN = Go Daddy Root Certificate Authority - G2
subject=C = GR, L = Athens, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions ECC RootCA 2015
subject=C = GR, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2011
subject=C = GR, L = Athens, O = Hellenic Academic and Research Institutions Cert. Authority, CN = Hellenic Academic and Research Institutions RootCA 2015
subject=C = HK, O = Hongkong Post, CN = Hongkong Post Root CA 1
subject=C = HK, ST = Hong Kong, L = Hong Kong, O = Hongkong Post, CN = Hongkong Post Root CA 3
subject=C = US, O = Internet Security Research Group, CN = ISRG Root X1
subject=C = US, O = IdenTrust, CN = IdenTrust Commercial Root CA 1
subject=C = US, O = IdenTrust, CN = IdenTrust Public Sector Root CA 1
subject=C = ES, O = IZENPE S.A., CN = Izenpe.com
subject=C = LU, O = LuxTrust S.A., CN = LuxTrust Global Root 2
subject=C = HU, L = Budapest, O = Microsec Ltd., CN = Microsec e-Szigno Root CA 2009, emailAddress = info@e-szigno.hu
subject=C = HU, L = Budapest, O = NetLock Kft., OU = Tan\C3\BAs\C3\ADtv\C3\A1nykiad\C3\B3k (Certification Services), CN = NetLock Arany (Class Gold) F\C5\91tan\C3\BAs\C3\ADtv\C3\A1ny
subject=C = US, O = Network Solutions L.L.C., CN = Network Solutions Certificate Authority
subject=C = CH, O = WISeKey, OU = Copyright (c) 2005, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GA CA
subject=C = CH, O = WISeKey, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GB CA
subject=C = CH, O = WISeKey, OU = OISTE Foundation Endorsed, CN = OISTE WISeKey Global Root GC CA
subject=C = BM, O = QuoVadis Limited, OU = Root Certification Authority, CN = QuoVadis Root Certification Authority
subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 1 G3
subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2
subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 2 G3
subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3
subject=C = BM, O = QuoVadis Limited, CN = QuoVadis Root CA 3 G3
subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com EV Root Certification Authority ECC
subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com EV Root Certification Authority RSA R2
subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com Root Certification Authority ECC
subject=C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com Root Certification Authority RSA
subject=C = PL, O = Krajowa Izba Rozliczeniowa S.A., CN = SZAFIR ROOT CA2
subject=C = JP, O = &quot;Japan Certification Services, Inc.&quot;, CN = SecureSign RootCA11
subject=C = US, O = SecureTrust Corporation, CN = SecureTrust CA
subject=C = US, O = SecureTrust Corporation, CN = Secure Global CA
subject=C = JP, O = &quot;SECOM Trust Systems CO.,LTD.&quot;, OU = Security Communication RootCA2
subject=C = JP, O = SECOM Trust.net, OU = Security Communication RootCA1
subject=C = FI, O = Sonera, CN = Sonera Class2 CA
subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden EV Root CA
subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G2
subject=C = NL, O = Staat der Nederlanden, CN = Staat der Nederlanden Root CA - G3
subject=C = US, O = &quot;Starfield Technologies, Inc.&quot;, OU = Starfield Class 2 Certification Authority
subject=C = US, ST = Arizona, L = Scottsdale, O = &quot;Starfield Technologies, Inc.&quot;, CN = Starfield Root Certificate Authority - G2
subject=C = US, ST = Arizona, L = Scottsdale, O = &quot;Starfield Technologies, Inc.&quot;, CN = Starfield Services Root Certificate Authority - G2
subject=C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2
subject=C = CH, O = SwissSign AG, CN = SwissSign Silver CA - G2
subject=C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 2
subject=C = DE, O = T-Systems Enterprise Services GmbH, OU = T-Systems Trust Center, CN = T-TeleSec GlobalRoot Class 3
subject=C = TR, L = Gebze - Kocaeli, O = Turkiye Bilimsel ve Teknolojik Arastirma Kurumu - TUBITAK, OU = Kamu Sertifikasyon Merkezi - Kamu SM, CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
subject=C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA Global Root CA
subject=C = TW, O = TAIWAN-CA, OU = Root CA, CN = TWCA Root Certification Authority
subject=C = TW, O = Government Root Certification Authority
subject=O = TeliaSonera, CN = TeliaSonera Root CA v1
subject=C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor ECA-1
subject=C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor RootCert CA-1
subject=C = PA, ST = Panama, L = Panama City, O = TrustCor Systems S. de R.L., OU = TrustCor Certificate Authority, CN = TrustCor RootCert CA-2
subject=C = GB, O = Trustis Limited, OU = Trustis FPS Root CA
subject=C = CN, O = UniTrust, CN = UCA Extended Validation Root
subject=C = CN, O = UniTrust, CN = UCA Global G2 Root
subject=C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust ECC Certification Authority
subject=C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority
subject=C = US, O = &quot;VeriSign, Inc.&quot;, OU = VeriSign Trust Network, OU = &quot;(c) 2007 VeriSign, Inc. - For authorized use only&quot;, CN = VeriSign Class 3 Public Primary Certification Authority - G4
subject=C = US, O = &quot;VeriSign, Inc.&quot;, OU = VeriSign Trust Network, OU = &quot;(c) 2006 VeriSign, Inc. - For authorized use only&quot;, CN = VeriSign Class 3 Public Primary Certification Authority - G5
subject=C = US, O = &quot;VeriSign, Inc.&quot;, OU = VeriSign Trust Network, OU = &quot;(c) 2008 VeriSign, Inc. - For authorized use only&quot;, CN = VeriSign Universal Root Certification Authority
subject=C = US, O = &quot;VeriSign, Inc.&quot;, OU = VeriSign Trust Network, OU = &quot;(c) 1999 VeriSign, Inc. - For authorized use only&quot;, CN = VeriSign Class 3 Public Primary Certification Authority - G3
subject=C = US, OU = www.xrampsecurity.com, O = XRamp Security Services Inc, CN = XRamp Global Certification Authority
subject=C = RO, O = certSIGN, OU = certSIGN ROOT CA
subject=C = TW, O = &quot;Chunghwa Telecom Co., Ltd.&quot;, OU = ePKI Root Certification Authority
subject=C = US, OU = emSign PKI, O = eMudhra Inc, CN = emSign ECC Root CA - C3
subject=C = IN, OU = emSign PKI, O = eMudhra Technologies Limited, CN = emSign ECC Root CA - G3
subject=C = US, OU = emSign PKI, O = eMudhra Inc, CN = emSign Root CA - C1
subject=C = IN, OU = emSign PKI, O = eMudhra Technologies Limited, CN = emSign Root CA - G1
subject=C = US, O = &quot;thawte, Inc.&quot;, OU = Certification Services Division, OU = &quot;(c) 2006 thawte, Inc. - For authorized use only&quot;, CN = thawte Primary Root CA
subject=C = US, O = &quot;thawte, Inc.&quot;, OU = &quot;(c) 2007 thawte, Inc. - For authorized use only&quot;, CN = thawte Primary Root CA - G2
subject=C = US, O = &quot;thawte, Inc.&quot;, OU = Certification Services Division, OU = &quot;(c) 2008 thawte, Inc. - For authorized use only&quot;, CN = thawte Primary Root CA - G3
</code></pre>然后，我尝试从Mozilla提供的证书包<a class="no-external-link" href="https://curl.se/docs/caextract.html" target="_blank">下载</a>当前最新的<pre><code>https://curl.se/ca/cacert-2023-08-22.pem
</code></pre><img src="https://www.sddts.cn/usr/uploads/2023/11/2998857888.png" alt="2023-11-29T06:37:57.png" title="2023-11-29T06:37:57.png" style=""><pre><code>wget --no-check-certificate https://curl.se/ca/cacert-2023-08-22.pem
</code></pre><img src="https://www.sddts.cn/usr/uploads/2023/11/3414724629.png" alt="2023-11-29T06:38:50.png" title="2023-11-29T06:38:50.png" style=""><pre><code>sudo mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.bak
sudo cp ~/Downloads/cacert-2023-08-22.pem /etc/ssl/certs/ca-certificates.crt
</code></pre><img src="https://www.sddts.cn/usr/uploads/2023/11/406809485.png" alt="2023-11-29T06:39:58.png" title="2023-11-29T06:39:58.png" style="">对比新的老的整数包，发现新的会多4个。<pre><code>jacky@jacky-office:~/Downloads$ awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' /etc/ssl/certs/ca-certificates.crt | wc -l
Could not read certificate from &lt;stdin&gt;
809BC38F157F0000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:crypto/store/store_result.c:151:
141
jacky@jacky-office:~/Downloads$ awk -v cmd='openssl x509 -noout -subject' '/BEGIN/{close(cmd)};{print | cmd}' /etc/ssl/certs/ca-certificates.crt.bak | wc -l
137
</code></pre><img src="https://www.sddts.cn/usr/uploads/2023/11/160775163.png" alt="2023-11-29T06:41:20.png" title="2023-11-29T06:41:20.png" style="">

举例

发表评论 取消回复 使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款

为什么wget会提示证书无效，而得加上--no-check-certificate才能下载

发表评论取消回复
使用cookie技术保留您的个人信息以便您下次快速评论，继续评论表示您已同意该条款