curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Where did curl find that certificate?

From: Tony Lewis via curl-users <>
Date: Sat, 6 Jun 2020 08:23:51 -0700

I am using the curl library in PHP for a WordPress website. Validation of a
certificate for a website that I regularly interact with stopped working.
After a fair amount of debugging I finally discovered that the root
certificate being used expired on May 30, 2020. However, the CA replaced
that certificate in March 2019 with a new expiration date of December 31,
2028. Neither the expired or replacement certificate appears in the CAfile
reported in curl debugging output and the output shows the CApath as none. I
tried adding the replacement certificate to CApath, but it still failed to
validate. (Stopping and starting the server did not make any difference


How can I find out where curl got the expired certificate from? Is there
something more I need to do besides adding the correct certificate to CApath
to get curl to use the new certificate?


Note: I have a ton of sanitized debugging output that I can share with
anyone who wants to take a look.



Received on 2020-06-06