How do I deal with certificates using cURL while trying to access an HTTPS url

Question

I am getting the following error using curl     curl   77  error setting certificate verify locations    CAfile   etc ssl certs ca-certificates crt   CApath  none   How do I set this certificate verify locations  Thanks

User · Answer

I ve got the same problem   I m building a alpine based docker image  and when I want to curl to a website of my organisation  this error appears  To solve it  I have to get the CA cert of my company  then  I have to add it to the CA certs of my image   Get the CA certificate  Use OpenSSL to get the certificates related to the website    openssl s client -showcerts -servername my company website org -connect my company website org 443   This will output something like     CONNECTED 00000005  depth 2 CN   UbisoftRootCA verify error num 19 self signed certificate in certificate chain     -----BEGIN CERTIFICATE-----     -----END CERTIFICATE----- -----BEGIN CERTIFICATE-----      -----END CERTIFICATE-----       Get the last certificate  the content between the -----BEGIN CERTIFICATE----- and the -----END CERTIFICATE----- markups included  and save it into a file  mycompanyRootCA crt for example   Build your image  Then  when you ll build your docker image from alpine  do the following    FROM alpine RUN apk add ca-certificates curl COPY mycompanyRootCA crt   usr local share ca-certificates mycompanyRootCA crt RUN update-ca-certificates   Your image will now work properly    o

User · Answer

For what it s worth  checking which curl is being run is significant too   A user on a shared machine I maintain had been getting this error  But the cause turned out to be because they d installed Anaconda  http   continuum io   Doing so put Anaconda s binary path before the standard  PATH  and it comes with its own curl binary  which had trouble finding the default certs that were installed on this Ubuntu machine

User · Answer

This worked for me    sudo apt-get install ca-certificates   then go into the certificates folder at    sudo cd  etc ssl certs   then you copy the ca-certificates crt file into the  etc pki tls certs  sudo cp ca-certificates crt  etc pki tls certs   if there is no tls certs folder  create one and change permissions using chmod 777 -R folderNAME

User · Answer

Put this into your  bashrc    fix CURL certificates path export CURL CA BUNDLE  etc ssl certs ca-certificates crt    see comment from Robert

User · Answer

Create a file    curlrc with the following content cacert  etc ssl certs ca-certificates crt  as follows echo  quot cacert  etc ssl certs ca-certificates crt quot   gt  gt     curlrc

User · Answer

Another alternative to fix this problem is to disable the certificate validation   echo insecure  gt  gt     curlrc

User · Answer

I had this problem as well  My issue was this file   usr ssl certs ca-bundle crt  is by default just an empty file  So even if it exists  youll still get the error as it doesnt contain any certificates  You can generate them like this  p11-kit extract --overwrite --format pem-bundle  usr ssl certs ca-bundle crt  https   github com msys2 MSYS2-packages blob master ca-certificates ca-certificates install

User · Answer

This error is related to a missing package  ca-certificates  Install it   In Ubuntu Linux  and similar distro      apt-get install ca-certificates   In CygWin via Apt-Cyg    apt-cyg install ca-certificates   In Arch Linux  Raspberry Pi     pacman -S ca-certificates     The documentation tells      This package includes PEM files of CA certificates to allow SSL-based applications to check for the authenticity of SSL connections    As seen at  Debian -- Details of package ca-certificates in squeeze

User · Answer

I also had the newest version of ca-certificates installed but was still getting the error   curl   77  error setting certificate verify locations    CAfile   etc pki tls certs ca-bundle crt   CApath  none   The issue was that curl expected the certificate to be at the path  etc pki tls certs ca-bundle crt but could not find it because it was at the path  etc ssl certs ca-certificates crt   Copying my certificate to the expected destination by running  sudo cp  etc ssl certs ca-certificates crt  etc pki tls certs ca-bundle crt   worked for me  You will need to create folders for the target destination if they do not exist by running  sudo mkdir -p  etc pki tls certs   If needed  modify the above command to make the destination file name match the path expected by curl  i e  replace  etc pki tls certs ca-bundle crt with the path following  CAfile   in your error message

User · Answer

curl performs SSL certificate verification by default  using a  bundle   of Certificate Authority  CA  public keys  CA certs   The default  bundle is named curl-ca-bundle crt  you can specify an alternate file  using the --cacert option   If this HTTPS server uses a certificate signed by a CA represented in  the bundle  the certificate verification probably failed due to a  problem with the certificate  it might be expired  or the name might  not match the domain name in the URL    If you d like to turn off curl s verification of the certificate  use  the -k  or --insecure  option   for example   curl --insecure http

User · Answer

Just create the folders  which is missing in your system        etc pki tls certs    and create the file using the following command      sudo apt-get install ca-certificates   and then copy and paste the certificate to the destination folder  which is showing in your error   mine was   with message  error setting certificate verify locations  CAfile   etc pki tls certs ca-bundle crt CApath  none  in   make sure you paste the file to the exact location mentioned in the error  Use the following command to copy paste       sudo cp  etc ssl certs ca-certificates crt    etc pki tls certs ca-bundle crt    Fixed

User · Answer

I had the exact same problem  As it turns out  my  etc ssl certs ca-certificates crt file was malformed  The last entry showed something like this   -----BEGIN CERTIFICATE----- MIIEDTCCAvWgAwIBAgIJAN  lots of certificate text    AwIBAgIJAN-----END CERTIFICATE-----   After adding a newline before -----END CERTIFICATE-----  curl was able handle the certificates file   This was very annoying to find out since my update-ca-certificates command did not give me any warning   This may or may not be a version specific problem of curl  so here is my version  just for completeness   curl --version   curl 7 51 0  x86 64-alpine-linux-musl  libcurl 7 51 0 OpenSSL 1 0 2j zlib 1 2 8 libssh2 1 7 0   Protocols  dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp    Features  IPv6 Largefile NTLM NTLM WB SSL libz TLS-SRP UnixSockets

User · Answer

The quickest way to get around the error is add on the -k option somewhere in your curl request   That option  allows connections to SSL cites without certs    from curl --help   Be aware that this may mean that you re not talking to the endpoint you think you are  as they are presenting a certificate not signed by a CA you trust   For example     curl -o  usr bin apt-cyg https   raw github com cfg apt-cyg master apt-cyg   gave me the following error response   curl   77  error setting certificate verify locations    CAfile   usr ssl certs ca-bundle crt   CApath  none   I added on -k   curl -o  usr bin apt-cyg https   raw github com cfg apt-cyg master apt-cyg -k   and no error message   As a bonus  now I have apt-cyg installed   And ca-certificates

User · Answer

From   man curl   --cert-type  lt type gt       SSL  Tells curl what certificate type the provided  certificate     is in  PEM  DER and ENG are recognized types   If not specified      PEM is assumed       If this option is used several times  the last one will be used   --cacert  lt CA certificate gt       SSL  Tells curl to use the specified certificate file to verify     the peer  The file may contain  multiple  CA  certificates   The     certificate s   must be in PEM format  Normally curl is built to     use a default file for this  so this option is typically used to     alter that default file

User · Answer

Just find this solution works perfectly for me      echo  cacert  etc ssl certs ca-certificates crt   gt     curlrc   I found this solution from here

User · Answer

It seems your curl points to a non-existing file with CA certs or similar   For the primary reference on CA certs with curl  see  https   curl haxx se docs sslcerts html

User · Answer

If anyone is still having trouble  try this  it worked for me  Delete the files in your  etc ssl certs  directory then reinstall ca-certificates    sudo apt install ca-certificates --reinstall   Did this when I tried installing Linuxbrew

User · Answer

For PHP code running on XAMPP on Windows I found I needed to edit php ini to include the below    curl    A default value for the CURLOPT CAINFO option  This is required to be an   absolute path  curl cainfo   curl-ca-bundle crt   and then copy to a file https   curl haxx se ca cacert pem and rename to curl-ca-bundle crt and place it under  xampp path  I couldn t get curl capath to work   I also found the CAbundle on the cURL site wasn t enough for the remote site I was connecting to  so used one that is listed with a pre-compiled Windows version of curl 7 47 1 at http   winampplugins co uk curl

User · Answer

roens is correct  This affects all Anaconda users  with below error curl   77  error setting certificate verify locations    CAfile   etc pki tls certs ca-bundle crt   CApath  none  The workaround is to use the default system curl and avoid messing with the prepended Anaconda PATH variable  You can either    Rename the Anaconda curl binary    mv  path to anaconda bin curl  path to anaconda bin curl anaconda OR remove Anaconda curl conda remove curl     which curl  usr bin curl   0  Anaconda Ubuntu curl Github issue https   github com conda conda-recipes issues 352

User · Answer

Run following command in git bash that works fine for me  git config --global http sslverify  false

[api] How do I deal with certificates using cURL while trying to access an HTTPS url?

Get the CA certificate

Build your image

Examples related to api

Examples related to curl

Examples related to https