https connection using CURL from command line
I am new to Curl and Cacerts world and facing a problem while connecting to a server. Basically, I need to test connectivity over https from one machine to another machine. I have a URL to which I need to connect from Machine A (a linux machine) I tried this on command prompt
cmd> curl https://[my domain or IP address]
and got the following:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
On going through some articles over internet I did this:
openssl s_client -connect <domain name or Ip address>:443
and got some response including the
server certificate (inside -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).
What should I do next from here. I think, I will have to just copy paste the text inside
BEGIN CERTIFICATE & END CERTIFICATE and save it in a file.
But,
What type of file it should be? .pem, .crt ?..
What should I be do after that?
I tried this - copied the text inside BEGIN CERTIFICATE & END CERTIFICATE and saved it in a .crt file - named it as my-ca.crt (also tried the same thing by naming it as my-ca.pem file)
and then did this:
cmd>curl --cacert my-ca.crt https://[my domain or IP address]
But got the same error.
Answer
I had the same problem - I was fetching a page from my own site, which was served over HTTPS, but curl was giving the same "SSL certificate problem" message. I worked around it by adding a -k flag to the call to allow insecure connections.
curl -k https://whatever.com/script.php
Edit: I discovered the root of the problem. I was using an SSL certificate (from StartSSL, but I don't think that matters much) and hadn't set up the intermediate certificate properly. If you're having the same problem as user1270392 above, it's probably a good idea to test your SSL cert and fix any issues with it before resorting to the curl -k fix.