curl-users
unable to get certificate CRL
Date: Thu, 28 Mar 2013 16:31:28 +0800
Hi,
When I use curl with crlfile, I got following error.
What does it mean "unable to get certificate CRL"?
Is it trying to get CRL from server cert or CA cert? If yes, why do
that? (I already specified the CRL file)
curl --capath ca https://10.155.60.222 -v --crlfile crl.pem
* About to connect() to 10.155.60.222 port 443 (#0)
* Trying 10.155.60.222...
* connected
* Connected to 10.155.60.222 (10.155.60.222) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: ca
* successfully load CRL file:
* CRLfile: crl.pem
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get certificate CRL
* Closing connection #0
curl: (60) SSL certificate problem: unable to get certificate CRL
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-03-28