curl / Mailing Lists / curl-users / Single Mail


Re: Curl failed to authenticate CA server certificate

From: Daniel Stenberg <>
Date: Fri, 18 Jan 2019 10:50:45 +0100 (CET)

On Fri, 18 Jan 2019, Deepak SP wrote:

> curl: (35) error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib

This very cryptic message means that OpenSSL somehow barfed on the certificate
and return an error to curl. It is unfortunately all the info we have on the

I would *suspect* that your certificate is using an outdated algorithm
somewhere or something but I really can't tell for sure.

If you get a ca cert bundle from and
use that when contacting a regular public HTTPS site, does that work? It
really should.

> It will be very helpful if you can give some guidance why the curl is
> failing here.

To further debug this, I would suggest switching to trying the openssl command
line tool so that you rule out curl's involvement and work directly with
OpenSSL and if the problems remain, you take them to the openssl team.

I'm sorry to have to redirect you somewhere else and I don't mean to "shift
blame", but they are without doubt the better people to answer questions about
what's going on here and why.

Received on 2019-01-18