How to fix curl 60 SSL certificate Invalid certificate chain

Question

I get the following error running curl https   npmjs org install sh   sh on Mac OSX 10 9  Mavericks    install npm latest curl   60  SSL certificate problem  Invalid certificate chain More details here  http   curl haxx se docs sslcerts html   How do I fix this

User · Answer

After updating to OS X 10 9 2  I started having invalid SSL certificate issues with Homebrew  Textmate  RVM  and Github   When I initiate a brew update  I was getting the following error   fatal  unable to access  https   github com Homebrew homebrew    SSL certificate problem  Invalid certificate chain Error  Failure while executing  git pull -q origin refs heads master refs remotes origin master   I was able to alleviate some of the issue by just disabling the SSL verification in Git  From the console  a k a  shell or terminal    git config --global http sslVerify false   I am leary to recommend this because it defeats the purpose of SSL  but it is the only advice I ve found that works in a pinch   I tried rvm osx-ssl-certs update all which stated Already are up to date   In Safari  I visited https   github com and attempted to set the certificate manually  but Safari did not present the options to trust the certificate   Ultimately  I had to Reset Safari  Safari- Reset Safari    menu   Then afterward visit github com and select the certificate  and  Always trust  This feels wrong and deletes the history and stored passwords  but it resolved my SSL verification issues  A bittersweet victory

User · Answer

After attempting all of the above solutions to eliminate the  curl   60  SSL certificate problem  unable to get local issuer certificate  error  the solution that finally worked for me on OSX 10 9 was    Locate the curl certificate PEM file location  curl-config --ca  --    usr local etc openssl cert pem Use the folder location to identify the PEM file  cd  usr local etc openssl  Create a backup of the cert pem file  cp cert pem cert pem bkup  Download the updated Certificate file from the curl website  sudo wget http   curl haxx se ca cacert pem  Copy the downloaded PEM file to replace the old PEM file  cp cacert pem cert pem   This is a modified version of a solution posted to correct the same issue in Ubuntu found here    https   serverfault com questions 151157 ubuntu-10-04-curl-how-do-i-fix-update-the-ca-bundle

User · Answer

NOTE  This answer obviously defeats the purpose of SSL and should be used sparingly as a last resort   For those having issues with scripts that download scripts that download scripts and want a quick fix  create a file called    curlrc  With the contents  --insecure   This will cause curl to ignore SSL certificate problems by default   Make sure you delete the file when done   UPDATE  12 days later I got notified of an upvote on this answer  which made me go  Hmmm  did I follow my own advice remember to delete that  curlrc    and discovered I hadn t  So that really underscores how easy it is to leave your curl insecure by following this method

User · Answer

In some systems like your office system  there is sometimes a firewall security client that is installed for security purpose  Try uninstalling that and then run the command again  it should start the download   My system had Netskope Client installed and was blocking the ssl communication   Search in finder -  uninstall netskope  run it  and try installing homebrew    bin bash -c    curl -fsSL https   raw githubusercontent com Homebrew install master install sh    PS  consider installing the security client

User · Answer

First off  you should be wary of urls that throw SSL errors  That being said  you can suppress certificate errors in curl with   curl -k https   insecure url content-i-really-really-trust

User · Answer

Another cause of this can be duplicate keys in your KeyChain  I ve seen this problem on two macs where there were duplicate  DigiCert High Assurance EV Root CA   One was in the login keychain  the other in the system one  Removing the certificate from the login keychain solved the problem   This affected Safari browser as well as git on the command line

User · Answer

Using the Safari browser  not Chrome  Firefox or Opera  on Mac OS X 10 9  Mavericks  visit https   registry npmjs org    Click the Show certificate button and then check the checkbox labelled Always trust  Then click Continue and enter your password if required     Curl should now work with that URL correctly

User · Answer

I started seeing this error after installing the latest command-line tools update  6 1  on Yosemite  10 10 1   In this particular case  a reboot of the system fixed the error  I had not rebooted since the update    Mentioning this in case anyone with the same problem comes across this page  like I did

User · Answer

The problem is an expired intermediate certificate that is no longer used and must be deleted   Here is a blog post from Digicert explaining the issue and how to resolve it   https   blog digicert com expired-intermediate-certificate   I was seeing the issue with Github not loading via SSL in both Safari and the command line with git pull   Once I deleted the old expired cert everything was fine

[macos] How to fix curl: (60) SSL certificate: Invalid certificate chain

Examples related to macos

Examples related to node.js

Examples related to curl

Examples related to ssl

Examples related to npm