https connection using CURL from command line

Question

I am new to Curl and Cacerts world and facing a problem while connecting to a server  Basically  I need to test connectivity over https from one machine to another machine  I have a URL to which I need to connect from Machine A  a linux machine  I tried this on command prompt  cmd gt  curl https    my domain or IP address    and got the following   curl   60  SSL certificate problem  verify that the CA cert is OK  Details  error 14090086 SSL routines SSL3 GET SERVER CERTIFICATE certificate verify failed   On going through some articles over internet I did this   openssl s client -connect  lt domain name or Ip address gt  443   and got some response including the server certificate  inside -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----    What should I do next from here  I think  I will have to just copy paste the text inside BEGIN CERTIFICATE  amp  END CERTIFICATE and save it in a file  But   What type of file it should be   pem   crt     What should I be do after that   I tried this - copied the text inside BEGIN CERTIFICATE  amp  END CERTIFICATE and saved it in a  crt file  - named it as my-ca crt  also tried the same thing by naming it as my-ca pem file  and then did this   cmd gt curl --cacert my-ca crt https    my domain or IP address    But got the same error

User · Answer

I had the same problem - I was fetching a page from my own site, which was served over HTTPS, but curl was giving the same "SSL certificate problem" message. I worked around it by adding a -k flag to the call to allow insecure connections.

curl -k https://whatever.com/script.php

Edit: I discovered the root of the problem. I was using an SSL certificate (from StartSSL, but I don't think that matters much) and hadn't set up the intermediate certificate properly. If you're having the same problem as user1270392 above, it's probably a good idea to test your SSL cert and fix any issues with it before resorting to the curl -k fix.

User · Answer

having dignosed the problem  I was able to use the existing system default CA file  on debian6 this is    etc ssl certs ca-certificates crt   as root this can be done like   echo curl cainfo  etc ssl certs ca-certificates crt  gt  gt   etc php5 mods-available curl ini   then re-start the web-server

User · Answer

use --cacert to specify a  crt file   ca-root-nss crt for example

User · Answer

Here you could find the CA certs with instructions to download and convert Mozilla CA certs  Once you get ca-bundle crt or cacert pem you just use   curl exe --cacert cacert pem https   www google com   or   curl exe --cacert ca-bundle crt https   www google com

User · Answer

Simple solution  That s my everyday script   curl --insecure -v https   www google com 2 gt  amp 1   awk  BEGIN   cert 0        Server certificate     cert 1           if  cert  print      Output     Server certificate       subject  C US  ST California  L Mountain View  O Google Inc  CN www google com      start date  2016-01-07 11 34 33 GMT      expire date  2016-04-06 00 00 00 GMT      issuer  C US  O Google Inc  CN Google Internet Authority G2      SSL certificate verify ok    Server GFE 2 0 is not blacklisted   Connection  0 to host www google com left intact

User · Answer

With modern versions of curl  you can simply override which ip-address to connect to  using --resolve or --connect-to  curl newer than version 7 49   This works even with SSL SNI  All details are in the man page   For example  to override DNS and connect to www example com with ssl using a particular ip address   This will also override ipv6   curl --resolve www example com 443 192 168 42 2 https   www example com    Another example  to connect to a particular backend server named backend1 on port 8080  curl --connect-to www example com 80 backend1 example com 8080 http   www example com    Remember to add the host header if the server needs that to answer correctly   -H  Host www example com

User · Answer

you could use this  curl setopt  curl- gt curl  CURLOPT SSL VERIFYPEER  false

User · Answer

I actually had this kind of problem and I solve it by these steps    Get the bundle of root CA certificates from here  https   curl haxx se ca cacert pem and save it on local  Find the php ini file Set the curl cainfo to be the path of the certificates  So it will something like     curl cainfo    path of the keys cacert pem

User · Answer

You need to provide the entire certificate chain to curl  since curl no longer ships with any CA certs  Since the cacert option can only use one file  you need to concat the full chain info into 1 file  Copy the certificate chain  from your browser  for example  into DER encoded binary x 509  cer   Do this for each cert    Convert the certs into PEM  and concat them into 1 file    openssl x509 -inform DES -in file1 cer -out file1 pem -text openssl x509 -inform DES -in file2 cer -out file2 pem -text openssl x509 -inform DES -in file3 cer -out file3 pem -text  cat   pem  gt  certRepo  curl --cacert certRepo -u user passwd -X GET -H  Content-Type  application json   https  somesecureserver com rest field    I wrote a blog on how to do this here  http   javamemento blogspot no 2015 10 using-curl-with-ssl-cert-chain html

User · Answer

For me  I just wanted to test a website that had an automatic http- https redirect  I think I had some certs installed already  so this alone works for me on Ubuntu 16 04 running curl 7 47 0  x86 64-pc-linux-gnu  libcurl 7 47 0 GnuTLS 3 4 10 zlib 1 2 8 libidn 1 32 librtmp 2 3  curl --proto-default https  lt target gt

[curl] https connection using CURL from command line

Examples related to curl

Examples related to ssl

Examples related to command-line

Examples related to https

Examples related to certificate