curl-users
Re: Can I make a specific certificate trusted (permanently) without trusting the CA?
Date: Sun, 13 Oct 2013 22:34:14 +0200
On Sat, Oct 12, 2013 at 6:30 PM, Dan Fandrich <dan_at_coneharvesters.com> wrote:
> On Sat, Oct 12, 2013 at 05:01:14PM +0200, Johan Johansson wrote:
>> I am using an application that under the hood uses curl. I would like
>> to be able to use https urls in this application, but it uses a site
>> with a certificate from a CA that is not in the CA bundle - and for
>> good reason. I do however trust this particular site (certificate). Is
>> there a way to make the site certificate trusted (and only the site
>> certificate)?
>
> You should be able to pass in the certificate with --cacert
Doesn't work/I'm not doing it right. I downloaded the certificate
chain using openssl s_client as instructed on
http://curl.haxx.se/docs/sslcerts.html. I tried both cutting out the
individual PEM-sections into their own file and using the entire file
as the --cacert argument. All of them result in
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
* Closing connection #0
Johan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-10-13