curl-users

Re: SSL certificate problem

From: Achint Mehta <achintmehta_at_gmail.com>
Date: Thu, 29 Mar 2007 12:00:02 +0530

Hi Ravi,

Can you make sure that the system time on your local server is correct?
Though it's highly unlikely, it is possible.

The SSL certificates have a validity period containing the Valid after time
and Valid before time. If the local server's system time happens to be
outside this, then openssl/curl would fail while validating the
certificate.

Regards,
Achint

On 3/28/07, Ravi Dhanshetty <rdhanshetty_at_gmail.com> wrote:
>
> Hello,
>
> I am trying to get the login.htm file from my local server. When I use the
> following command I am getting the following error.
> Does anybody know what the reason for this error is?
>
> thanks,
> Ravi Dhanshetty
>
> #curl -v --cacert /home/user/verisign_signed_certificate.crt --cert-type
> DER "https://10.150.123.2/admin/login.htm"
> * About to connect() to 10.150.123.2 port 443 (#0)
> * Trying 10.150.123.2... connected
> * Connected to 10.150.123.2 (10.150.123.2) port 443 (#0)
> * successfully set certificate verify locations:
> * CAfile: /home/ravi/verisign_signed_certificate.crt
> CApath: none
> * SSLv2, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS alert, Server hello (2):
> * SSL certificate problem, verify that the CA cert is OK. Details:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> * Closing connection #0
> curl: (60) SSL certificate problem, verify that the CA cert is OK.
> Details:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed
> More details here: http://curl.haxx.se/docs/sslcerts.html
>
>
> curl performs SSL certificate verification by default, using a "bundle"
> of Certificate Authority (CA) public keys (CA certs). The default
> bundle is named curl-ca-bundle.crt; you can specify an alternate file
> using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
> the bundle, the certificate verification probably failed due to a
> problem with the certificate (it might be expired, or the name might
> not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
> the -k (or --insecure) option.
>
>
Received on 2007-03-29
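
The clock check suggested in the reply above can be reproduced locally. This is an added example, not part of the original thread: it builds a throwaway self-signed certificate (constructed here, not the poster's file) and uses `openssl verify -attime` to show the same certificate and CA file passing or failing depending only on the clock reading. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: uses a throwaway self-signed certificate (constructed here),
# not the certificate or server from the thread. Function names are hypothetical.

# make_cert DIR: create a key and self-signed cert valid from now for 30 days.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=clock-demo.invalid" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# verify_at CERT EPOCH: verify CERT with itself as the trust anchor while
# telling OpenSSL the current time is EPOCH (-attime), and print a verdict.
verify_at() {
    out=$(openssl verify -CAfile "$1" -attime "$2" "$1" 2>&1) || true
    case "$out" in
        *"not yet valid"*) echo "not-yet-valid" ;;
        *"has expired"*)   echo "expired" ;;
        *": OK"*)          echo "ok" ;;
        *)                 echo "other: $out" ;;
    esac
}

# demo: same certificate, same CA file, three different clock readings.
demo() {
    dir=$(mktemp -d) || return 1
    make_cert "$dir" || { rm -rf "$dir"; return 1; }
    now=$(date +%s)
    openssl x509 -in "$dir/cert.pem" -noout -dates   # notBefore= / notAfter=
    echo "clock correct (+60s): $(verify_at "$dir/cert.pem" $((now + 60)))"
    echo "clock one day behind: $(verify_at "$dir/cert.pem" $((now - 86400)))"
    echo "clock 40 days ahead:  $(verify_at "$dir/cert.pem" $((now + 40 * 86400)))"
    rm -rf "$dir"
}

demo
```

On a real host, compare the `notBefore=`/`notAfter=` lines printed by `openssl x509 -noout -dates` for the server certificate with `date -u` before changing any verification settings.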