SSL certificate error

Solution 1

It's your self-signed certificate that you should add to your CA bundle. Otherwise, curl can't know it can be trusted.

Solution 2

I finally found the location on OSX (10.8): /usr/share/curl/cacert.pem, so I added my self-signed certificate to it, and then restarted my node-ssl server.

Then the curl command is now running fine without the -k option:

curl -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token

* About to connect() to macMini.local port 8000 (#0)
*   Trying 192.168.1.14...
* connected
* Connected to macMini.local (192.168.1.14) port 8000 (#0)
* successfully set certificate verify locations:
*   CAfile: /usr/share/curl/cacert.pem
  CApath: none
...
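
The failure and the fix described in the two answers above can be reproduced offline with the openssl command-line tool. This is an added example, not part of the original answers: the certificates are throwaway ones generated on the spot, the function names are hypothetical, and it builds a separate bundle for `curl --cacert` rather than editing the system-wide cacert.pem.

```shell
#!/bin/sh
# Added example: constructed certificates, nothing here comes from the original post.
# Assumes the openssl CLI is installed.

# new_self_signed DIR NAME HOST
# Writes DIR/NAME.key and DIR/NAME.crt, a self-signed certificate with CN=HOST.
new_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# is_trusted BUNDLE CERT
# Exit status 0 only if CERT verifies against the certificates in BUNDLE.
is_trusted() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: prints "<result before> <result after>" adding the server cert to the bundle.
demo() {
    work=$(mktemp -d) || return 1
    new_self_signed "$work" server macMini.local || return 1
    new_self_signed "$work" other unrelated.example || return 1

    # Stand-in for a downloaded public CA bundle: it holds other roots,
    # but not the self-signed server certificate, so verification fails.
    cp "$work/other.crt" "$work/bundle.pem"
    if is_trusted "$work/bundle.pem" "$work/server.crt"; then
        before=trusted
    else
        before=rejected
    fi

    # Append the self-signed certificate: it is now its own trust anchor.
    cat "$work/server.crt" >> "$work/bundle.pem"
    if is_trusted "$work/bundle.pem" "$work/server.crt"; then
        after=trusted
    else
        after=rejected
    fi

    rm -rf "$work"
    echo "$before $after"
}

# With a real server, the same bundle is passed per command instead of -k:
#   curl --cacert /path/to/bundle.pem https://macMini.local:8000/oauth/token
```

Only the certificate (.crt) goes into the bundle; the private key stays with the server.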
Author by

Cœur

Updated on August 02, 2022

Comments

  • Cœur
    Cœur almost 2 years

    I am testing SSL access to a local node server with key, ca, cert in options (self-signed with OpenSSL)

    var server_options = {
      key: fs.readFileSync('/etc/ssl/self-signed/server.key'),
      ca: fs.readFileSync('/etc/ssl/self-signed/server.csr'),
      cert: fs.readFileSync('/etc/ssl/self-signed/server.crt')
    };
    

    trying to access it:

    curl -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token
    

    using curl I get the following error:

    curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

    I downloaded the CA certificates from http://curl.haxx.se/ca/cacert.pem and added them to my curl-ca-bundle-new.crt file, as suggested in some posts related to curl... but no way

    here is the log

    * About to connect() to macMini.local port 8000 (#0)
    *   Trying 192.168.1.14...
    * connected
    * Connected to macMini.local (192.168.1.14) port 8000 (#0)
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS alert, Server hello (2):
    * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    * Closing connection #0
    curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    More details here: http://curl.haxx.se/docs/sslcerts.html

    I know I can bypass the Curl CA checking, using:

    curl -k -v --user 1234567890:abcdefghijklmnopqrstuvwxyz --data "grant_type=password&username=yves&password=123456789" https://macMini.local:8000/oauth/token
    

    in which case it's running fine, I can see:

    SSL certificate verify result: self signed certificate (18), continuing anyway.

    but I'd like to know if there is any way to solve this issue...

  • Admin
    Admin over 10 years
    thanks, I just had some difficulty to find where the cacert.pem was located on OSX (10.8) see above....
  • Mark Fox
    Mark Fox about 10 years
    Generally it's better form to include an "update" section in the question rather than provide your findings as an answer
  • om-nom-nom
    om-nom-nom over 9 years
  • Mark Fox
    Mark Fox over 9 years
    @om-nom-nom you're right — in some cases it is better to update, but I stand corrected.