cURL / Mailing Lists / curl-users / Single Mail

curl-users

VeriSign issue: "verify that the CA cert is OK"

From: thomas Armstrong <tarmstrong_at_gmail.com>
Date: Wed, 23 Jan 2008 13:42:27 +0100

Hi.

Using cURL with Linux, I want to make a webservice request to a remote
server which requires an X509 cert.

I got a Trial SSL Certificate by Verisign and obtained three files:
- ssl.key (private key, generated by my server)
- verisign.crt (SSL certificate by Verisign)
- verisign-ca.crt (Intermediate and Root Trial CA by Verisign)
These two last files were obtained from:
http://www.verisign.com/support/verisign-intermediate-ca/trial-secure-server-intermediate/index.html
http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html

I tried with:

[]# curl -d "firstName=John&lastName=Smith" -G -v --key ssl.key --cert
verisign.crt --cacert verisign-ca.crt
https://www.domain.com/webservice.asp

But I got this error message:
--------
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
* Closing connection #0
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
----------

Must I send VeriSign Intermediate and Root CA certificates to
webservice server so that they install it? Thank you very much.
Received on 2008-01-23