几个curl 命令和python 环境下 certifi 本机证书本地证书相关

原创已于 2025-10-08 20:49:59 修改 · 347 阅读

0 ·

本内容遵循CC 4.0 BY-SA版权协议

GEO检测

标签

#curl #证书 #pem #certifi #python

于 2025-10-08 18:25:48 首次发布

几个curl 命令和python 环境下 certifi 本机证书本地证书相关

curl -X POST 使用POST协议

curl -I 返回头信息

curl -w %{certs} https://www.yourdomain.com >yourdomain.com.pem 输出证书

curl --cacert D:\DEL\yourdomain2024.pem https://www.sohu.com 使用本地证书进行https访问

C:\Users\AAAAA>python -m certifi 查询当前本机证书文件，前提条件安装了Python 并且安装了certifi组件

1、把网站证书文件下载下来：

C:\Users\AAAAA>curl -w %{certs} https://www.yourdomain.com >yourdomain.com.pem
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   489  100   489    0     0   1836      0 --:--:-- --:--:-- --:--:--  1910

2、带我自己的证书文件去访问网站，我的证书是过期的、花了钱的证书文件，不解的是，居然报错了，原因证书不是可信的根证书：

C:\Users\AAAAA>curl --cacert D:\DEL\yourdomain2024.pem https://www.sohu.com
curl: (60) schannel: CertGetCertificateChain trust error CERT_TRUST_IS_UNTRUSTED_ROOT
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.

3、我电脑上没找我能用的证书文件，去curl网站下载了一个有效的证书文件，再去执行，就没报错了：

官网地址：

https://curl.se/docs/caextract.html 最上面的蓝色的就当前可用的证书文件，

C:\Users\AAAAA>curl --cacert C:\del\cacert.pem https://www.sohu.com

C:\Users\AAAAA>curl --cacert C:\del\cacert.pem  https://www.sohu.com

4、用花钱买的、有效的正规的证书去访问（我在windows电脑上安装了。crt 文件后，仍然报错）证书的证据链不完整：

C:\Users\AAAAA>curl --cacert C:\del\yourdomain.com2025.pem https://www.yourdomain.com
curl: (60) schannel: CertGetCertificateChain trust error CERT_TRUST_IS_PARTIAL_CHAIN
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.

我写完上述文字后，我继续研究，参考：

https://www.cnblogs.com/Undefined443/p/18811822
https://www.cnblogs.com/zhaoyingjie/p/17807094.html

在电脑上做了测试，发现以下方法可行：

5、查看本机的证书文件：

C:\Users\huajie.yuan>python -m certifi
D:\develop\pycharmCode\venv\lib\site-packages\certifi\cacert.pem

Python 环境需要先执行安装 certifi组件，然后才能有这个证书（我也不确定是安装python带来的证书还是安装了certifi组件后带来的这个证书）？同理java估计也有类似的方法可以查询到java版本的本机证书

pip install certifi

6、再用本机的证书，访问https网站，就再也不报错了：

C:\Users\AAAAAA>curl --cacert D:\develop\pycharmCode\venv\lib\site-packages\certifi\cacert.pem https://www.sohu.com

C:\Users\AAAAA>curl --cacert D:\develop\pycharmCode\venv\lib\site-packages\certifi\cacert.pem https://www.baidu.com -I
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Wed, 08 Oct 2025 12:21:43 GMT
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
Tr_id: bfe_10598070841033743540