系统时间错误导致https请求失败

今天发现一个奇特的问题。设备请求接口失败,但是在本地模拟接口请求时,是正常的。仔细排查设备请求日志,发现设备的时间设置是12月25日,与当前时间12月31日。然后修改本地时间,再模拟,果然失效。

仔细看,接口是使用https请求,换成http请求后,能正常访问。使用https请求时,会返回如下错误。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
curl: (60) SSL certificate problem: certificate is not yet valid
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.

原因

系统时间不在证书有效期内,导致证书验证失败。https通过SSL / TLS连接保护在线传输的任何通信。HTTPS=HTTP+SSL。SSL证书中有一个有效时间段,当客户端或服务器的系统时间不在这个时间段内时SSL会因证书验证失败而无法连接

参考文章

SSL双方系统时间不一致导致的SSL连接失败及其解决方案

螃蟹 wechat
欢迎您扫一扫上面的微信公众号,订阅我的博客!
坚持原创技术分享,您的支持将鼓励我继续创作!