Hi,
 
I saw this exchange in the archives and I was curious on how to implement it
 
> You could also reject single depth self-signed certs,
> which would make it so that in order to get by curl you'd have to have made
> your own CA and had it sign your own certificate.

Not really - a 'self-signed' certs is just it's own CA - you should be able
to give curl a copy of the cert as a 'trusted root certificate' (like any
other), and it should be happy. You shouldn't need to set up your own CA for
that.

I am using curl with openssl on linux. I have a certificate from a self signed server. The certificate is in the DER format.

I am using openssl to convert the DER cert to a PEM cert like so

openssl x509 -in CCWSCert.cer -inform DER -out CCWS_trust.pem -outform PEM

Question 1 - Do I need to add something like -addtrust or -trustout to the above command to make it a trusted cert?

Question 2 - Once I have converted the cert, what is the curl command line to use that cert? I've tried using -E and --cacert and neither seems appropriate nor seems to work

Any help would be appreciated. I know that this is old hat for most of the more experienced developers, so please take a moment and do a new user a big favor.

Thanks,

Ted

                
---------------------------------
 Start your day with Yahoo! - make it your home page
Received on 2005-08-03