-->
  • Recent Articles

    Error: curl: (60) SSL certificate problem, verify that the CA cert is OK

     Error: curl: (60) SSL certificate problem, verify that the CA cert is OK


    curl -o test.wsdl https://ems.example.com/ws/emsInterfacePort?wsdl
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
      0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    More details here: http://curl.haxx.se/docs/sslcerts.html

    Solution:

    When the user was accessing the url via curl the it was getting a “certificate verify failed” message. There could be 2 cause to it.
    A) The Server Certificate Authority bundle is not updated :-
     Check  the file /etc/pki/tls/certs/ca-bundle.crt if it is old, update the OS.
    B) Curl CA bundle is outdated: curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs).
    If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option or can install ca bundle.
    find ca bundle link:
    openssl x509 -in <Certificate Absolute path> -text -noout

    Check Following Block and access CA issues URI.

     Authority Information Access:
                    OCSP - URI:http://XXXXXXXXXXXXXX
                    CA Issuers - URI:http://XXXXXXXXXXX

    Once the .crt file is downloaded either install it or use it with --cacert option.

    No comments