cURL / Mailing Lists / curl-users / Single Mail


Re: Can I make a specific certificate trusted (permanently) without trusting the CA?

From: Johan Johansson <>
Date: Sun, 13 Oct 2013 22:34:14 +0200

On Sat, Oct 12, 2013 at 6:30 PM, Dan Fandrich <> wrote:
> On Sat, Oct 12, 2013 at 05:01:14PM +0200, Johan Johansson wrote:
>> I am using an application that under the hood uses curl. I would like
>> to be able to use https urls in this application, but it uses a site
>> with a certificate from a CA that is not in the CA bundle - and for
>> good reason. I do however trust this particular site (certificate). Is
>> there a way to make the site certificate trusted (and only the site
>> certificate)?
> You should be able to pass in the certificate with --cacert

Doesn't work/I'm not doing it right. I downloaded the certificate
chain using openssl s_client as instructed on I tried both cutting out the
individual PEM-sections into their own file and using the entire file
as the --cacert argument. All of them result in

* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
* Closing connection #0

List admin:
Received on 2013-10-13