cURL / Mailing Lists / curl-users / Single Mail

curl-users

Problem with selfsigned cert

From: Janne H <jannehson51_at_yahoo.com>
Date: Thu, 24 Feb 2011 23:52:53 -0800 (PST)

Hello.

I'm having some problem with a selfsigned cert.

I can successfully run:

curl -k -E mypem.pem:sekret https://foo.bar:886/test.php

but I would like to skip the -k switch.

I have done
openssl s_client -connect foo.bar:886 |tee logfile

and
openssl x509 -inform PEM -in logfile -text -out certdata

shows some reasonable data when I look in the file certdata

Then

curl --cacert logfile -E mypem.pem:sekret https://foo.bar:886/test.php

fails with this message:

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Well, here's the problem I've tried to read the doc, but I guess I'm just too stupid to get it.
So, can any one help me here with the commands I should run to get this working?

Janne

      
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-02-25