curl-users

Re: SSL Certificate Issues

From: Stephen R Guglielmo <srg_at_guglielmo.us>
Date: Mon, 10 Dec 2012 20:42:22 -0500

On Mon, December 10, 2012 7:13 am, Ralph Mitchell wrote:
> On Dec 10, 2012 2:25 AM, "Stephen R Guglielmo" <srg_at_guglielmo.us> wrote:
>>
>> Hey list. I'm trying to figure out this https stuff. It's been driving me
>> nuts, and I really do not want to use --insecure.
>>
>> So I'm trying to do an HTTP request via ssl, and it keeps failing with a
>> certificate error. I got the certificate via `openssl s_client .... | tee
>> file` then converted it into pem via `openssl x509 ....`
>>
>> I then moved the pem into /usr/local/openssl/certs/ and ran c_rehash as
>> root.
>> I ran `curl -I --capath /usr/local/openssl/certs url` and it is not
>> working. It keeps saying the certificate is invalid.
>>
>> I checked ldd on all the programs involved to make sure they are using the
>> same libssl.so library, which they are. I tried it as root, and tried
>> messing with the permissions of the files in /usr/local/openssl/certs/ to
>> no avail. And I did try using curl with --insecure, which was successful.
>> But I really don't want to use --insecure forever.
>>
>> The OS is FreeBSD 9.0. The software versions are:
>> OpenSSL 1.0.1c 10 May 2012
>> curl 7.24.0 (amd64-portbld-freebsd9.0) libcurl/7.24.0 OpenSSL/1.0.1c zlib/1.2.5
>> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smtp smtps telnet tftp
>> Features: Largefile NTLM NTLM_WB SSL libz TLS-SRP
>>
>> Any tips? Thank you!
>
> Try --insecure along with -v to get the reason for the certificate being
> rejected. Most likely it will be that you don't have the whole certificate
> chain. You need the cert from the CA that signed the server cert, and from
> the CA that signed that, etc.
>
> Ralph Mitchell

Ah, ok. I used your suggestion, it said the certificate was self-signed.
So I would need the cert from the CA that the remote server created to
sign their SSL cert with?

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-12-11
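
The two cases raised in this thread (an incomplete chain versus a self-signed server certificate) can be told apart offline with the `openssl` tool. The script below is an added example, not part of the original messages: it builds a constructed self-signed certificate for the hypothetical name `selfsigned.example.test`, shows that an empty `--capath`-style directory rejects it, and shows that it verifies once the hash-named link that `c_rehash` creates is in place. The function names are illustrative.

```shell
#!/bin/sh
# Added example. The certificate is constructed locally; nothing touches the network.

# make_cert OUT: create a throwaway self-signed certificate (constructed sample).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=selfsigned.example.test" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

# is_self_signed CERT: true when subject and issuer names hash identically.
# This compares names only; it does not check the signature.
is_self_signed() {
    s=$(openssl x509 -noout -subject_hash -in "$1") || return 2
    i=$(openssl x509 -noout -issuer_hash -in "$1") || return 2
    [ "$s" = "$i" ]
}

# install_anchor CERT DIR: copy CERT into DIR and add the <subject_hash>.0
# symlink that OpenSSL looks up in a CApath directory (c_rehash automates this).
install_anchor() {
    h=$(openssl x509 -noout -subject_hash -in "$1") || return 1
    cp "$1" "$2/anchor.pem" && ln -sf anchor.pem "$2/${h}.0"
}

# verifies_with DIR CERT: true only when openssl reports "<file>: OK".
verifies_with() {
    openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# demo: walk through the three checks and print what each one found.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/certs"
    make_cert "$work/server.pem" || return 1
    is_self_signed "$work/server.pem" && echo "self-signed: the cert is its own trust anchor"
    verifies_with "$work/certs" "$work/server.pem" || echo "empty CApath: verification fails"
    install_anchor "$work/server.pem" "$work/certs"
    verifies_with "$work/certs" "$work/server.pem" && echo "after hash link: verification OK"
    rm -rf "$work"
}

demo
```

A directory prepared this way is what curl's OpenSSL backend searches when given `--capath`; a certificate whose issuer differs from its subject instead needs the issuing CA's certificate installed the same way.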