curl-users
Re: about --cacert
Date: Thu, 07 Mar 2002 17:50:35 +0000
> > Then I should be able to use that certificate with curl --cacert to connect
> > to https://www.verisign.com/ and have the peer verified, right?
>
>
>I'm not an SSL guru, but no I don't think you can do that. This is how I
>believe this holds together:
It was the issuer's (CA) certificate I saved.
>When you save that certificate, you just saved the remote site's server
>certificate, that is not a CA cert.
I went up the chain to get the CA certificate.
>Instead, you need a CA cert that can be used to verify the server's
>certificate when you communicate with it. This bundle might be what you
>need:
>
>
> http://curl.haxx.se/ca-cert-bundle.pem.gz
>
>
>I hope this helps.
Certainly did! I notice that that bundle is quite old, and is missing
at least one intermediate CA (the one that signed the site I couldn't verify
against) so it still didn't verify.
However from my earlier download, I had the intermediate CA cert I
wanted to verify against. So I just cat'd that file onto the end of
your bundle and hey presto the site verifies now. I guess someone in the
bundle signed the intermediate CA that signed the site in question.
Thanks and Cheers,
Billy.
Received on 2002-03-07
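
The fix described in this message (appending a missing intermediate CA certificate to the bundle given to --cacert), reproduced offline as an added example that is not part of the original thread. It uses `openssl verify -CAfile` in place of curl, every certificate name is constructed, and it assumes, as the poster guesses, that the bundle already holds the CA that signed the intermediate.

```shell
#!/usr/bin/env bash
# Constructed demo: subjects, file names and key sizes are illustrative only.
set -eu

new_csr() {  # new_csr <path-prefix> <common-name>: fresh key + signing request
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_chain() {  # make_chain <dir>: root CA -> intermediate CA -> server cert
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  new_csr "$d/root" "Demo Root CA"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  new_csr "$d/int" "Demo Intermediate CA"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  new_csr "$d/leaf" "www.example.test"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

verifies() {  # verifies <bundle> <cert>: succeeds only if a full chain is found
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {  # echoes the verification result before and after the append
  local d before after
  d=$(mktemp -d)
  make_chain "$d"
  # The "old" bundle: it has the root but not the intermediate that signed the site.
  cp "$d/root.pem" "$d/bundle.pem"
  verifies "$d/bundle.pem" "$d/leaf.pem" && before=ok || before=fail
  # The step from the message: cat the intermediate onto the end of the bundle.
  cat "$d/int.pem" >> "$d/bundle.pem"
  verifies "$d/bundle.pem" "$d/leaf.pem" && after=ok || after=fail
  rm -rf "$d"
  echo "$before $after"
}

demo   # prints: fail ok
```

Every certificate in a --cacert file is treated as trusted, so append only intermediates whose own issuer and fingerprint you have checked.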