curl-users
Re: SSL Certificate Issues
Date: Mon, 10 Dec 2012 20:42:22 -0500
On Mon, December 10, 2012 7:13 am, Ralph Mitchell wrote:
> On Dec 10, 2012 2:25 AM, "Stephen R Guglielmo" <srg_at_guglielmo.us> wrote:
>>
>> Hey list. I'm trying to figure out this https stuff. It's been driving
>> me
>> nuts, and I really do not want to use --insecure.
>>
>> So I'm trying to do a HTTP request via ssl, and it keeps failing with a
>> certificate error. I got the certificate via `openssl s_client .... |
>> tee
>> file` then converted it into pem via `openssl x509 ....`
>>
>> I then moved the pem into /usr/local/openssl/certs/ and ran c_rehash as
> root.
>> I ran `curl -I --capath /usr/local/openssl/certs url` and it is not
>> working. It keeps saying the certificate is invalid.
>>
>> I checked ldd on all the programs involved to make sure they are using
>> the
>> same libssl.so library, which they are. I tried it as root, and tried
>> messing with the permissions of the files in /usr/local/openssl/certs/
>> to
>> no avail. And I did try using curl with --insecure, which was
>> successful.
>> But I really don't want to use --insecure forever.
>>
>> The OS is FreeBSD 9.0. The software versions are:
>> OpenSSL 1.0.1c 10 May 2012
>> curl 7.24.0 (amd64-portbld-freebsd9.0) libcurl/7.24.0 OpenSSL/1.0.1c
>> zlib/1.2.5
>> Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s
>> rtsp
>> smtp smtps telnet tftp
>> Features: Largefile NTLM NTLM_WB SSL libz TLS-SRP
>>
>> Any tips? Thank you!
>
> Try --insecure along with -v to get the reason for the certificate being
> rejected. Most likely it will be that you don't have the whole certificate
> chain. You need the cert from the CA that signed the server cert, and from
> the CA that signed that, etc.
>
> Ralph Mitchell
Ah, ok. I used your suggestion, it said the certificate was self-signed.
So I would need the cert from the CA that the remote server created to
sign their SSL cert with?
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-12-11