skip to Main Content

I have an issue when using certificate when using curl. I’m running centOS7. We managed to get the curl going in other places, but not our dev machine:

What we are trying to do:

sudo curl -X 'GET' 'https://webpage/document' --cert '/localization.crt.pem' --key '/localization.key.pem' -H 'accept: */*' -k

Im getting this error:

curl: (58) SSL peer cannot verify your certificate.

What I tried to do?(from centOS documentation)
https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/administration_guide_common_criteria_edition/importing_certificate_into_nssdb

# PKICertImport -d . -n "client name" -t ",," -a -i certificate.crt.pem -u C

after echo $? we get a 0, so i think it is installed properly?

Any idea on whats wrong would be great.

2

Answers


  1. Chosen as BEST ANSWER

    I managed to solve the issue. Recompiled curl with openSSL with following tutorial: Install curl with openssl

    Works like a charm :)


  2. I have run into this recently on our linux environments. I’ve found that this tends to happen if you have an SSL Certificate issued that also includes a chain certificate. If that chain is not also configured on your server OpenSSL considers the certificate invalid.

    I would test this using this command:

    openssl s_client -showcerts -verify 5 -connect website.com:443
    

    If you see a block like this that means you are missing the certificate chain in your server configuration:

    ---
    SSL handshake has read 2162 bytes and written 401 bytes
    Verification error: unable to verify the first certificate
    ---
    

    Windows fills in the gaps and doesn’t mind this type of configuration, but openssl is very particular.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search