curl-library
Re: SEC_ERROR_CA_CERT_INVALID
Date: Fri, 02 Jan 2015 11:49:25 +0100
On Monday 29 December 2014 11:38:10 MM wrote:
> Hello,
> I have a apache with 2 ssl self signed certificates serving git data.
>
> With a usage of git (git uses libcurl-7.32.0)
> * Couldn't find host MYHOMEHOSTNAME in the .netrc file; using defaults
> * Adding handle: conn: 0xf97030
> * Adding handle: send: 0
> * Adding handle: recv: 0
> * Curl_addHandleToPipeline: length: 1
> * - Conn 0 (0xf97030) send_pipe: 1, recv_pipe: 0
> * About to connect() to MYHOMEHOSTNAME port 443 (#0)
> * Trying MYHOMEIPADDRESS...
> * Connected to MYHOMEHOSTNAME (MYHOMEIPADDRESS) port 443 (#0)
> * Initializing NSS with certpath: sql:/etc/pki/nssdb
> * CAfile: <homedir>/git-certs/cert.pem
> CApath: none
> * Server certificate:
> * subject: CN= MYHOMEHOSTNAME,O=MYCO,L=MYCITY,C=MYCOUNTRY
> * start date: Dec 10 22:20:18 2014 GMT
> * expire date: Dec 10 22:20:18 2024 GMT
> * common name: MYHOMEHOSTNAME
> * issuer: CN= MYHOMEHOSTNAME,O= MYCO,L= MYCITY,C= MYCOUNTRY
> * NSS error -8156 (SEC_ERROR_CA_CERT_INVALID)
> * Issuer certificate is invalid.
> * Closing connection 0
>
>
>
> Is it at all possible to have verification for self-signed certificates?
Yes.
> I have compared the certificate i have in my local file cert.pem and the
> one i have on the server side cert file and they are identical.
That does not imply that your cert.pem can be used as a CA certificate.
How exactly did you create that file?
Kamil
> Regards,
>
> MM
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-01-02