curl-users

Re: about --cacert

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Thu, 7 Mar 2002 16:37:01 +0100 (MET)

On Thu, 7 Mar 2002, Billy Taylor wrote:

> This is a great tool I've just found out about, which we're hoping to use
> to let people upload files securely. Thanks for writing it.

You're welcome! ;-)

> If I open up https://www.verisign.com/ in IE (say), click on the padlock,
> etc..., and save the issuer's certificate to a file v.cer, so that:
>
> $ openssl x509 -text -inform pem -in v.cer | grep Subject
> Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification
> Authority
>
> Then I should be able to use that certificate with curl --cacert to connect
> to https://www.verisign.com/ and have the peer verified, right?

I'm not an SSL guru, but no I don't think you can do that. This is how I
believe this holds together:

When you save that certificate, you just saved the remote site's server
certificate, that is not a CA cert.

Instead, you need a CA cert that can be used to verify the server's
certificate when you communicate with it. This bundle might be what you need:

        http://curl.haxx.se/ca-cert-bundle.pem.gz

I hope this helps.

-- 
    Daniel Stenberg -- curl groks URLs -- http://curl.haxx.se/
Received on 2002-03-07
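
An added example, not part of the original mail: a local check of whether a saved PEM file can act as the trust anchor for a given server certificate, which is the role the file passed to `--cacert` plays. It uses `openssl verify` rather than curl itself, and the CA, the server certificate, all file names and all subject names are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: a throwaway CA and server certificate generated locally.
# Every file name and subject name below is made up for this example.

make_demo_pki() {   # make_demo_pki <dir>
    # Self-signed CA certificate (the kind of file --cacert expects).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null || return 1
    # Server key and signing request, then a server certificate signed by the CA.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=server.example" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/server.csr" -days 1 \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/server.pem" 2>/dev/null || return 1
}

# Prints "self-issued" when subject equals issuer (as in a root CA certificate),
# otherwise "issued-by-other" (a server or intermediate certificate).
cert_kind() {       # cert_kind <pem-file>
    subj=$(openssl x509 -noout -subject -in "$1") || return 1
    iss=$(openssl x509 -noout -issuer -in "$1") || return 1
    if [ "${subj#*=}" = "${iss#*=}" ]; then
        echo self-issued
    else
        echo issued-by-other
    fi
}

# Succeeds only when <anchor-pem>, used as the sole trust anchor, verifies <cert-pem>.
verifies_with() {   # verifies_with <anchor-pem> <cert-pem>
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) || return 1
    make_demo_pki "$d" || { rm -rf "$d"; return 1; }
    for f in ca.pem server.pem; do
        printf '%-10s %s\n' "$f" "$(cert_kind "$d/$f")"
    done
    verifies_with "$d/ca.pem" "$d/server.pem" && echo "ca.pem verifies server.pem"
    verifies_with "$d/server.pem" "$d/server.pem" || echo "server.pem does not verify itself"
    rm -rf "$d"
}
demo
```

Running `cert_kind` and `verifies_with` on a certificate saved from a browser shows whether it is a usable trust anchor before it is handed to `--cacert`.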