Where did curl find that certificate?
Date: Sat, 6 Jun 2020 08:23:51 -0700
I am using the curl library in PHP for a WordPress website. Validation of a
certificate for a website that I regularly interact with stopped working.
After a fair amount of debugging I finally discovered that the root
certificate being used expired on May 30, 2020. However, the CA replaced
that certificate in March 2019 with a new expiration date of December 31,
2028. Neither the expired or replacement certificate appears in the CAfile
reported in curl debugging output and the output shows the CApath as none. I
tried adding the replacement certificate to CApath, but it still failed to
validate. (Stopping and starting the server did not make any difference
How can I find out where curl got the expired certificate from? Is there
something more I need to do besides adding the correct certificate to CApath
to get curl to use the new certificate?
Note: I have a ton of sanitized debugging output that I can share with
anyone who wants to take a look.