Created
April 16, 2014 01:04
curl SSL3_GET_SERVER_CERTIFICATE error fix
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # I recently got the following error while using curl: | |
| # curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: | |
| # error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed | |
| openssl s_client -connect www.whateverserver.com:443 |tee logfile | |
| # then QUIT <RETURN> | |
| # copy from BEGIN CERTIFICATE to END CERTIFICATE into /tmp/certstuff.pem | |
| openssl x509 -inform PEM -in /tmp/certstuff.pem -text -out certdata | |
| cat certdata | |
| # in there, I saw this line: | |
| # CA Issuers - URI:http://crt.comodoca.com/COMODOSSLCA.crt | |
| wget http://crt.comodoca.com/COMODOSSLCA.crt | |
| openssl x509 -inform DES -in COMODOSSLCA.crt -out COMODOSSLCA.pem -outform PEM | |
| # at this point you should be able to append: | |
| # --cacert COMODOSSLCA.pem | |
| # to your original curl inquiry, and have it work without the error | |
| # now install it permanently in ubuntu 12.04 -- note the file extension must be .crt to work | |
| sudo cp COMODOSSLCA.pem /usr/local/share/ca-certificates/COMODOSSLCA.crt | |
| sudo update-ca-certificates |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment