cURL / Mailing Lists / curl-users / Single Mail


Re: Error code interpretation

From: Daniel Stenberg <>
Date: Fri, 9 Jun 2006 15:08:39 +0200 (CEST)

On Fri, 9 Jun 2006, Dave Pawson wrote:

>> No. You need to keep all certificates apart. There's the server certificate
>> (which all servers doing SSL must have), there's a bundle a CA certs used
>> to verify the server's cerficiate, and there's (optionally) a client
>> certificate that the server can use to verify you.
> This bundle being on the client?

The CA bundle is on the client, yes.

> The curl manual says that for windows, curl-ca-bundle.crt may be found in
> the current directory or any diretory on the path?


> Does this mean that --cacert does not override this on Windows?


>> Yes, you can override the default CA cert path with the --cacert option.
>> You used the --cert option which provides a client certificate.
> My bad. sorry. trying with --cacert - same result.

So then the cacert is not good or you need to append your new CA cert to the
existing bundle and use the newly created one for verification.

> I've generated a PEM 'certificate'

You "generated" it? Then what good would it do? It needs to be a properly made
CA cert made for the sole purpose of verifying server certificate's authority.

> How can I add it to the curl 'bundle' please Daniel?

$ cat bundle newcert > newbundle

  Commercial curl and libcurl Technical Support:
Received on 2006-06-09