CURL request on a self-signed SSL certificate API

When we are using cURL to retrieve a HTTPS site that is not using a CA-signed certificate, the following problem occurs.

SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html
To overcome this issue, follow the below steps

You might like to backup /etc/ssl/certs before executing the command.

 

Check ssl path in OS

:~# openssl version -d
 OPENSSLDIR: "/usr/lib/ssl" 

:~# cd /usr/lib/ssl && ls -al

:~# /usr/lib/ssl# cd certs

Change to /usr/share/ca-certificates directory and add you self-signed certificate there, (ex: your.cert.name.crt)

:~# cd /usr/share/ca-certificates cp or create the crt/pem file here Change to /etc directory and edit the file ca-certificates.conf.

:~# cd /etc 
:~# nano ca-certificates.conf 

Add your.cert.name.crt to the file (ca-certificates.conf) and save it.

Execute the program update-ca-certificates --fresh.

:~# update-ca-certificates --fresh
you would have something like below
 Clearing symlinks in /etc/ssl/certs...done. Updating certificates in /etc/ssl/certs....done. Running hooks in /etc/ca-certificates/update.d....done.

Test with curl on your target HTTPS site and it should work now.

Advertisements