cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Curl problem on Windows: curl: (60) SSL certificate problem

From: Gabriel Petrovay <gabriel.petrovay_at_28msec.com>
Date: Wed, 12 Jan 2011 12:15:37 +0100

Thanks Alex for the reply.

But https URLs work on both Windows and Linux in the browsers. So, the
CA Cert on both platforms are correct.

The problem is that when making a request with Curl, it doesn't work
on Windows. It reports that "curl: (60) SSL certificate problem"

I have tried with URLs like:
https://api-3t.sandbox.paypal.com/nvp
https://www.credit-suisse.com/ch/en/
They are all refused on Windows unless I provide the -k option.

So I wonder what is not properly configured on Windows or if this is a
bug in Curl for Windows, not accessing the available certificates on
the platform?

Regards,
Gabriel

On Wed, Jan 12, 2011 at 11:26 AM, Alex Bligh <alex_at_alex.org.uk> wrote:
>
>
> --On 12 January 2011 11:07:56 +0100 Gabriel Petrovay
> <gabriel.petrovay_at_28msec.com> wrote:
>
>> Is this a bug, feature or "by design"? If the letter two, why? Where
>> does curl pick the certificates on Windows from (that is different
>> from other platforms)?
>
> As in the text you quoted:
>
>> curl performs SSL certificate verification by default, using a "bundle"
>> �of Certificate Authority (CA) public keys (CA certs). The default
>> �bundle is named curl-ca-bundle.crt; you can specify an alternate file
>> �using the --cacert option.
>> If this HTTPS server uses a certificate signed by a CA represented in
>> �the bundle, the certificate verification probably failed due to a
>> �problem with the certificate (it might be expired, or the name might
>> �not match the domain name in the URL).
>
> So, you know the certificate doesn't have a problem as it works on
> Windows. This would tend to indicate the CA Cert bundle on your
> windows platform includes the CA's certificate, but the CA Cert
> bundle on Linux doesn't. This can normally be fixed by installing
> a package of up to date CA certificates. Note these aren't part
> of curl but part of your distribution.
>
> --
> Alex Bligh
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ: � � � �http://curl.haxx.se/docs/faq.html
> Etiquette: �http://curl.haxx.se/mail/etiquette.html
>

-- 
Gabriel Petrovay
Software Architect
28msec Inc.
http://www.28msec.com/
http://twitter.com/28msec
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2011-01-12

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Curl problem on Windows: curl: (60) SSL certificate problem"
Previous message: Alex Bligh: "Re: Curl problem on Windows: curl: (60) SSL certificate problem"
In reply to: Alex Bligh: "Re: Curl problem on Windows: curl: (60) SSL certificate problem"
Next in thread: Daniel Stenberg: "Re: Curl problem on Windows: curl: (60) SSL certificate problem"
Reply: Daniel Stenberg: "Re: Curl problem on Windows: curl: (60) SSL certificate problem"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]