curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Adding Mozzila CA certificates

From: Luis Carlos Chalaca Figueira via curl-library <>
Date: Mon, 27 Nov 2023 15:03:38 +0000


While developing a crawler I realized that some websites that can be
displayed by Chrome and Firefox would throw SSL errors on libcurl requests


SSL connect error

SSL routines::unsafe legacy renegotiation disabled

SSL peer certificate or SSH remote key was not OK

Therefore I had the idea of adding the certificates used by firefox to
prevent that.

I downloaded the cacert.pem file from and added it to the ca store with
the following commands:

$ openssl x509 -in cacert-Mozzila.pem -out cacert-Mozzila.crt

$ sudo cp cacert-Mozzila.crt /usr/local/share/ca-certificates

$ sudo update-ca-certificates

However those sites continue to throw dose errors. What have I missed to
be able to get the same responses as firefox?

Luis Figueira
Received on 2023-11-27