curl / Mailing Lists / curl-users / Single Mail


Re: Using curl behind a proxy: unable to get local issuer certificate

From: Daniel Stenberg <>
Date: Mon, 29 Jan 2018 10:53:08 +0100 (CET)

On Sat, 27 Jan 2018, $BEN=(Es(J via curl-users wrote:

> I want to visit, in a linux server. I have set environment
> variable HTTP_PROXY and HTTPS_PROXY, when I issued this command:
> *% curl -LO
> <>*
> I got this error: *unable to get local issuer certificate*

This error is usually what you get when the server doesn't send you the full
set of certificates. Usually there's a missing intermediate certificate.

Athough in this case, I can curl this site just fine so I would perhaps rather
suspect that your CA store is incomplete / out-of-date?

> When I was trying to solve the problem, I found that, the certificate my
> browser and the openssl showcerts command shows different while they were
> using the same proxy.
> In my browser, I got certificates like this:
> *SECOND: <>*

Having your company accepted in the browser's CA store is a sign that you're
using a MITM proxy and your traffic is intercepted and inspected. That is
intself not a reason for an error, but perhaps you don't have your company's
CA cert in your CA store for your curl command?

> I want to know why,

I don't know! It's not a common scenario...


Received on 2018-01-29