When we are using cURL to retrieve a HTTPS site that is not using a CA-signed certificate, the following problem occurs.
SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html
To overcome this issue, follow the below steps
You might like to backup
/etc/ssl/certs before executing the command.
Check ssl path in OS
:~# openssl version -d OPENSSLDIR: "/usr/lib/ssl"
:~# cd /usr/lib/ssl && ls -al
:~# /usr/lib/ssl# cd certs
/usr/share/ca-certificates directory and add you self-signed certificate there, (ex: your.cert.name.crt)
:~# cd /usr/share/ca-certificates cp or create the crt/pem file here
/etc directory and edit the file
:~# cd /etc :~# nano ca-certificates.conf
your.cert.name.crt to the file (
ca-certificates.conf) and save it.
Execute the program
:~# update-ca-certificates --fresh
you would have something like below
Clearing symlinks in /etc/ssl/certs...done. Updating certificates in /etc/ssl/certs....done. Running hooks in /etc/ca-certificates/update.d....done.
Test with curl on your target HTTPS site and it should work now.