Changelog Development Documentation Download libcurl Mailing Lists News
cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: Curl problem on Windows: curl: (60) SSL certificate problem

From: Gabriel Petrovay <gabriel.petrovay_at_28msec.com>
Date: Wed, 12 Jan 2011 12:36:05 +0100

On Wed, Jan 12, 2011 at 12:26 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> On Wed, 12 Jan 2011, Gabriel Petrovay wrote:
>
> Please don't top-post.
>
>> But https URLs work on both Windows and Linux in the browsers. So, the CA
>> Cert on both platforms are correct.
>
> Browsers usually ship with their own embedded list of CA certs. I'm not
> aware of any system wide CA cert bundle on Windows. Most Linux systems
> provide a global ca cert bundle somewhere (and curl tries to use that path
> as default).
>
>> The problem is that when making a request with Curl, it doesn't work
>> on Windows. It reports that "curl: (60) SSL certificate problem"
>>
>> I have tried with URLs like:
>> https://api-3t.sandbox.paypal.com/nvp
>> https://www.credit-suisse.com/ch/en/
>> They are all refused on Windows unless I provide the -k option.
>
> So you don't have a good enough CA cert bundle that can verify those
> servers' certificates.
>
>> So I wonder what is not properly configured on Windows or if this is a bug
>> in Curl for Windows, not accessing the available certificates on the
>> platform?
>
> You have not pointed out a good CA cert bundle to curl and it didn't find
> any on its own.

I thought that on Windows the IE settings (or similar) will be accessed.

So, in my case I have to either provide CURL_CA_BUNDLE or have
"curl-ca-bundle.crt" in one of:
1. application's directory
2. current working directory
3. Windows System directory (e.g. C:\windows\system32)
4. Windows Directory (e.g. C:\windows)
5. all directories along %PATH%

Thanks Daniel! That helped.
>
> --
>
>  / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-users
> FAQ:        http://curl.haxx.se/docs/faq.html
> Etiquette:  http://curl.haxx.se/mail/etiquette.html
> 

-- 
Gabriel Petrovay
Software Architect
28msec Inc.
http://www.28msec.com/
http://twitter.com/28msec
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2011-01-12