SSL CA cert (path? access rights?)

ssl curl openssl centos certificate

50,322

Solution 1

More easy solution for centos 6/7. Remove ca and reinstall certificate.

rm -f /etc/ssl/certs/ca-bundle.crt && yum reinstall -y ca-certificates

Problem that if you just only reinstall certs. This will dont replace ca-bundle. Leave it new with .rpmnew name.

Solution 2

this worked for me : centos 6

mkdir /usr/src/ca-certificates && cd /usr/src/ca-certificates

wget http://mirror.centos.org/centos/6/os/x86_64/Packages/ca-certificates-2015.2.6-65.0.1.el6_7.noarch.rpm

rpm2cpio ca-certificates-2015.2.6-65.0.1.el6_7.noarch.rpm | cpio -idmv

cp -pi ./etc/pki/tls/certs/ca-bundle.* /etc/pki/tls/certs/

do yes to override

to check :

curl -vvv https://www.unixy.net

Solution 3

Solution from here https://www.virtualmin.com/node/35857

nss-softokn breaks yum/rpm in CentOS 6 In order to fix it do the following:

wget http://mirror.centos.org/centos/6/updates/x86_64/Packages/nss-softokn-fr...

rpm2cpio nss-softokn-freebl-3.14.3-19.el6_6.x86_64.rpm | cpio -idmv

cd lib64

cp libfreeblpriv3.* /lib64

yum update # sync new repo package

50,322

Author by

BradMcA

Updated on September 08, 2021

Comments

BradMcA over 2 years
I am using CentOs 6.6 64bit, and have a problem when using curl. The server primarily hosts several wordpress blogs using apache and mysql.

My simplest means to generate the error is with the following yum command which outputs the below
```
yum list "ca-certi*"

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Could not get metalink https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 error was
14: PYCURL ERROR 77 - "Problem with the SSL CA cert (path? access rights?)"
 * base: cosmos.cites.illinois.edu
 * epel: mirror.cogentco.com
 * extras: mirrors.rit.edu
 * updates: mirrors.rit.edu
Installed Packages
ca-certificates.noarch                 2014.1.98-65.1.el6                  @base
```
Soutions tried and failed so far based from googling around

1) I have tried restarting the VPS, no good

2) Executing curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt without any luck

3) This solution was no good at all, as it relies on yum to solve the SSL problem that yum also suffers http://syslint.com/syslint/curl-77-problem-with-the-ssl-ca-cert-path-access-rights-solved/

Can I run these yum steps to install with wget?, would you think it would help?
```
# yum reinstall ca-certificates

# yum reinstall openssl
```
I think virtualmin had installed some updates in the last 24 hours, is there a log of updates it ran somewhere?

Can anyone please help get around this "Problem with the SSL CA cert (path? access rights?)" problem.

TIA
Odecif over 6 years

Also works with centos 7 by changing the URL to centos/7/os/x86_64/Packages/ca-certificates-2017.2.14-71.el7‌.noarch.rpm in order to reflect new version.
Pancho over 5 years

I didn't realise that this problem was because I'd deleted ca-bundle.crt (because we use external certificates and i didn't realise it was needed) . I did what you suggest here - without the rm -f step - and the problem was resolved. thank you!