cURL / Mailing Lists / curl-library / Single Mail


cert files

From: Perry Smith <>
Date: Mon, 17 Oct 2011 16:00:56 -0500


I feel silly asking this question but I really have looked through Google and also the code. I'm not sure if this is a curl, libcurl, or openssl question.

If I'm on my Mac and I do a curl request to an https site, it goes off and happily does the request. Somewhere it has a stash of certificates (I'm not 100% sure that is the right term).

If I do the same question on my AIX machine it gives me the message.

> curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
> More details here:
> curl performs SSL certificate verification by default, using a "bundle"
> of Certificate Authority (CA) public keys (CA certs). The default
> bundle is named curl-ca-bundle.crt; you can specify an alternate file
> using the --cacert option.
> If this HTTPS server uses a certificate signed by a CA represented in
> the bundle, the certificate verification probably failed due to a
> problem with the certificate (it might be expired, or the name might
> not match the domain name in the URL).
> If you'd like to turn off curl's verification of the certificate, use
> the -k (or --insecure) option.

I hope its ok for me to paste this here. On the Mac, I do:

curl -O

and it works. If I do that on my AIX machine, I get the above message. I downloaded the cacert.pem file and if I do:

curl --cacert /tmp/cacert.pem

on my AIX machine, it works. But my question is, where can I store the cacert,perm file so that curl, or libcurl, or openssl can find it automatically.

I know about the various environment variables, etc but it should would be nice if I could just store it somewhere. I see on Windows, I can do this in 5 different locations but I can't find the equivalent for a Unix machine.

There are comments about compile time options which is what I assume Apple did but I can't piece the puzzle together.

The mac has 7.21.4. The AIX host has either 7.18.2 or 7.22.0 (depending upon which host I use).

Thank you for your help,

List admin:
Received on 2011-10-17