cURL says certificate is expired, Firefox disagrees


Solution 1

Your cert bundle is probably out of date.

You can get one that's maintained by the curl developers at http://curl.haxx.se/ca/cacert.pem

To use it:

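<?php
// HTTPS URL: the verification options below only apply to TLS connections.
$ch = curl_init("https://example.com");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);  // verify the certificate chain
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);     // verify the hostname matches the certificate
curl_setopt($ch, CURLOPT_CAINFO, '/path/to/cacert.pem');  // CA bundle to trust
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  // return the body instead of printing it
$response = curl_exec($ch);
if ($response === false) {
    echo curl_error($ch);  // report the TLS or transfer error
}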

Solution 2

My curl is using the certificate bundle stored in:

/etc/ssl/certs/ca-certificates.crt

I've had this problem in the past, and I fixed it by looking at a machine where curl was working and comparing the .crt files from those two machines, and copying the missing certificate over.

I just had this problem again, and I fixed it this time by just copying the entire file over from the newer machine (a more recent Ubuntu install; the machine where I have the problem is ancient).

And it worked.
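The bundle comparison described in Solution 2 can be done by certificate fingerprint instead of by eye. The script below is an added example, not code from either answer; it goes one step further and also lists certificates found only in the local bundle (for instance roots a newer bundle no longer ships), which copying a single missing certificate would leave trusted. The function names and sample bundles are constructed for illustration.

```python
import hashlib
import re
import ssl
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def fingerprints(bundle_text):
    """Map SHA-256(DER) -> PEM block for each certificate in a PEM bundle."""
    certs = {}
    for pem in PEM_RE.findall(bundle_text):
        der = ssl.PEM_cert_to_DER_cert(pem)
        certs[hashlib.sha256(der).hexdigest()] = pem
    return certs


def diff_bundles(local_text, reference_text):
    """Return (missing, extra) as sorted fingerprint lists.

    missing: in the reference bundle but not the local one (candidates to add).
    extra:   in the local bundle only, e.g. roots the newer bundle has dropped.
    """
    local, ref = fingerprints(local_text), fingerprints(reference_text)
    return sorted(ref.keys() - local.keys()), sorted(local.keys() - ref.keys())


def fake_cert(label):
    # Constructed stand-in: PEM-wraps arbitrary bytes, not a real X.509 cert.
    return ssl.DER_cert_to_PEM_cert(label.encode())


# Constructed sample bundles; text outside the PEM blocks is ignored.
OLD_BUNDLE = "# old machine\n" + fake_cert("root-A") + fake_cert("root-retired")
NEW_BUNDLE = "# new machine\n" + fake_cert("root-A") + fake_cert("root-B")

if __name__ == "__main__":
    # Usage: script.py LOCAL_BUNDLE REFERENCE_BUNDLE (falls back to the samples)
    local, ref = OLD_BUNDLE, NEW_BUNDLE
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            local = f.read()
        with open(sys.argv[2], encoding="utf-8", errors="replace") as f:
            ref = f.read()
    missing, extra = diff_bundles(local, ref)
    for fp in missing:
        print("missing from local:", fp)
    for fp in extra:
        print("only in local:     ", fp)
```

To identify a reported certificate, pass its PEM block to `openssl x509 -noout -subject -dates -fingerprint -sha256` and review it before adding it to or removing it from the local bundle.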

Author: lelandbatey


Updated on July 20, 2022

Comments

  • lelandbatey (almost 2 years)

    I'm trying to access an internal site via cURL (which I could access several days ago). However, cURL gives the error curl: (60) SSL certificate problem: certificate has expired. If I use openssl to check the start and end dates of the certificate, it gives a timeframe that I'm well within:

    echo | openssl s_client -connect internalsite.example.com:443 2>/dev/null | openssl x509 -noout -dates
    notBefore=Nov 30 00:00:00 2012 GMT
    notAfter=Mar 30 12:00:00 2016 GMT
    # For reference, the day I'm posting this is July 30th, 2014
    

    Additionally, if I use cURL on a different computer, or connect via the browser (Firefox, Chrome, or IE), I can connect without error.

    Also, I'm unable to connect with any version of cURL on my own computer; this includes cURL in Cygwin and cURL on Ubuntu inside a virtual machine, as well as the Windows version.

    What might give rise to this behaviour?

  • lelandbatey (almost 10 years)
    I updated my cert bundle using the one from the curl devs, and I even re-installed curl. Neither of those things resolved the problems I'm having.
  • Paolo Stefan (over 4 years)
    This seems not to work (anymore?). I've had this issue on an Ubuntu 16 machine and another Ubuntu 16 was working, but copying the file and telling curl to use it didn't help in any way.