LINUX.ORG.RU, forum Admin [solved]

Verify return code: 20 (unable to get local issuer certificate) при запросах на Yandex


Hello, I have run into a strange problem with requests to Yandex services. At first PHP was returning errors like

file_get_contents(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

After that I downloaded the certificates from https://curl.haxx.se/docs/caextract.html and decided to check it head-on:

openssl s_client -connect www.yandex.ru:443 -CAfile cacert.pem
CONNECTED(00000003)
depth=2 C = PL, O = Unizeto Technologies S.A., OU = Certum Certification Authority, CN = Certum Trusted Network CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=RU/O=Yandex LLC/OU=ITO/L=Moscow/ST=Russia/CN=yandex.ru
   i:/C=RU/O=Yandex LLC/OU=Yandex Certification Authority/CN=Yandex CA
 1 s:/C=RU/O=Yandex LLC/OU=Yandex Certification Authority/CN=Yandex CA
   i:/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
 2 s:/C=PL/O=Unizeto Technologies S.A./OU=Certum Certification Authority/CN=Certum Trusted Network CA
   i:/C=PL/O=Unizeto Sp. z o.o./CN=Certum CA
---
Server certificate
-----BEGIN CERTIFICATE-----
[PEM body omitted]
-----END CERTIFICATE-----
subject=/C=RU/O=Yandex LLC/OU=ITO/L=Moscow/ST=Russia/CN=yandex.ru
issuer=/C=RU/O=Yandex LLC/OU=Yandex Certification Authority/CN=Yandex CA
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 5776 bytes and written 373 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256
    Session-ID: 35EAE74D63844EAB362ADE4CF0BAC9834F0EF35687120A132C8DF65DBA05AB07
    Session-ID-ctx: 
    Master-Key: 2CA3F3E44D50F09AEEC817F32F2A16C362BD9B63FE2C179ECD46D7A0102243EA9FEE4932E49571496FD8033F3D175950
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:

    Start Time: 1548336347
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---

HTTP/1.1 400 Bad request
Content-Length: 0

closed

The same against Google or openssl.org:

openssl s_client -connect www.openssl.org:443 -CAfile cacert.pem
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = www.openssl.org
verify return:1
---
Certificate chain
 0 s:/CN=www.openssl.org
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
[PEM body omitted]
-----END CERTIFICATE-----
subject=/CN=www.openssl.org
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3200 bytes and written 373 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 5FC5B4DE67BDAB026226C4FA9AEEF0A3F24BEC5A84E8082A914EB31F2088533F
    Session-ID-ctx: 
    Master-Key: AF87821C292308E7BE9AF750D410BE19600347173E15EC8F3A1C883999BB31DA217B2C832BA264C8DDCA132050F48755
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1548336435
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Question: what is this and where should I dig? I found a similar problem here: https://toster.ru/q/551966 But, frankly, I did not understand what to put where..

CentOS 7, OpenSSL 1.0.1e-fips

Last edited by: USF (total edits: 1)

Odd, this problem with Yandex only surfaces on CentOS 6. Google update-ca-trust, second link.

anonymous

In reply to: comment by anonymous

Thanks! Though it was not quite that which helped: starting from that article I googled one command and came across https://access.redhat.com/solutions/1549003

And that is what cured the problem :)

USF (topic starter)