> From: snafu_101_at_hotmail.com
> To: curl-users_at_cool.haxx.se
> Subject: Problem with GoDaddy CA Certificate
> Date: Thu, 31 Jan 2008 11:36:40 -0500
>
>
> All:
>
> I have to communicate with a test server using https that has a certificate issued by GoDaddy. This was not in the bundle of certificates so I followed the instructions to get the certificate and create a PEM format file.
>
> curl -G http://certificates.godaddy.com/repository/gd_intermediate.crt> godaddy.cert
> openssl x509 -inform PEM -n godaddy.cert -out godaddy.pem -text
>
>
> If I test this on a system where curl is version 7.16.2 compiled with GnuTLS 1.6.2 using:
> curl --cacert godaddy.pem -G https://my.test.server/ -v
> It works like a charm.
>
> However if I run the same test on a different machine with curl version 5.15.5 compiled with OpenSSL version 0.9.8c it fails 'certificate verify failed'.
>
> It also fails on another box with curl 7.16.2 compiled with OpenSSL version 0.9.8e.
>
> What did I do wrong?
>
> Thanks in advance.
>

Problem solved. Looking at FireFox's certificates it became a bit more obvious that 2 certificates were required for validation.

It is still puzzling why the curl compiled with TLS worked and the other compiled with SSL didn't?

The following describes the process:

curl -G http://certificates.godaddy.com/repository/gd-class2-root.crt >
gd-class2-root.cert
openssl x509 -inform PEM -in gd-class2-root.cert -out gd-class2-root.pem
-text
curl -G http://certificates.godaddy.com/repository/gd_intermediate.crt >
gd_intermediate.cert
openssl x509 -inform PEM -in gd_intermediate.cert -out gd_intermediate.pem
-text
cat gd_intermediate.pem gd-class2-root.pem >
gd-bundle.pem

_________________________________________________________________
Climb to the top of the charts! Play the word scramble challenge with star power.
http://club.live.com/star_shuffle.aspx?icid=starshuffle_wlmailtextlink_jan
Received on 2008-02-01