curl-users

Re: Help with Thawte SGC CA Supercert

From: Sojish K <sojish_at_sojish.com>
Date: Thu, 4 May 2006 03:40:34 +0530

On Thursday 04 May 2006 2:41 am, Daniel Stenberg wrote:
>
> So adding the cacert for that cert to the cabundle doesn't help?
>
> If so, care to explain how you did it?

[root@localhost ~]# openssl s_client -connect www.dotregistrar.com:443 |tee logfile

From the logfile, I removed all lines except the cert (between Begin and End).

[root@localhost ~]# openssl x509 -inform PEM -in logfile -text -out certdata.pem

Tried both appending it to the existing CA bundle and passing it on the command line:

[root@localhost ~]# curl --cacert certdata.pem https://www.dotregistrar.com -v

This command gave the final error
======
* About to connect() to www.dotregistrar.com port 443
* Trying 209.67.69.23... connected
* Connected to www.dotregistrar.com (209.67.69.23) port 443
* successfully set certificate verify locations:
* CAfile: certdata.pem
  CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
* Closing connection #0
Received on 2006-05-04
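
An added example, not part of the original message or of curl: without `-showcerts`, `openssl s_client` prints only the server's own certificate, so this script compares how OpenSSL verification treats a server (leaf) certificate and its issuing CA certificate when each is the only entry in the CA file. The CA and server names, keys and certificates are throwaway values constructed locally, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: every key, certificate and name here is constructed locally.

# Build a throwaway self-signed CA and a server (leaf) certificate in "$1".
make_test_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -out "$dir/leaf.pem" 2>/dev/null || return 1
}

# Succeed only if certificate "$2" verifies with "$1" as the sole CA file.
# The output is matched instead of the exit status, which old releases
# of "openssl verify" did not set reliably.
verifies_with() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Report whether subject and issuer of certificate "$1" are the same name.
cert_kind() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] && echo self-issued || echo issued-by-other
}

# Verify the leaf against each candidate CA file and print the outcome.
demo() {
    dir=$(mktemp -d) || return 1
    make_test_pki "$dir" || return 1
    for f in ca.pem leaf.pem; do
        if verifies_with "$dir/$f" "$dir/leaf.pem"; then r=OK; else r=FAIL; fi
        echo "CAfile=$f ($(cert_kind "$dir/$f")): verify leaf.pem -> $r"
    done
    rm -rf "$dir"
}

demo
```

Running `openssl x509 -noout -subject -issuer` on a file such as `certdata.pem` shows in the same way whether it holds a CA certificate or a server certificate.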