Certificate issues with centOS7 with curl

Time:08-19

I have an issue when using a certificate with curl. I'm running CentOS 7. We managed to get curl going in other places, but not on our dev machine:

What we are trying to do:

sudo curl -X 'GET' 'https://webpage/document' --cert '/localization.crt.pem' --key '/localization.key.pem' -H 'accept: */*' -k

I'm getting this error:

curl: (58) SSL peer cannot verify your certificate.

What I tried to do (from the CentOS documentation): https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/administration_guide_common_criteria_edition/importing_certificate_into_nssdb

# PKICertImport -d . -n "client name" -t ",," -a -i certificate.crt.pem -u C

After echo $? we get a 0, so I think it is installed properly?

Any idea on what's wrong would be great.

CodePudding user response:

I have run into this recently on our Linux environments. I've found that this tends to happen if you have an SSL certificate issued that also includes a chain certificate. If that chain is not also configured on your server, OpenSSL considers the certificate invalid.

I would test this using this command:

openssl s_client -showcerts -verify 5 -connect website.com:443

If you see a block like this, that means you are missing the certificate chain in your server configuration:

---
SSL handshake has read 2162 bytes and written 401 bytes
Verification error: unable to verify the first certificate
---

Windows fills in the gaps and doesn't mind this type of configuration, but OpenSSL is very particular.
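
The missing-chain condition described in the answer above can be reproduced offline. This is an added example, not part of the original thread: it builds a constructed root, intermediate and leaf with openssl, then verifies the leaf with and without the intermediate. The function names (make_pki, verify_leaf_only, verify_with_chain) and the subject server.example.test are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Every key, certificate and name below is constructed.

# Build root CA -> intermediate CA -> leaf in directory $1.
make_pki() {
  dir=$1
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -config "$dir/ca.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -subj "/CN=Constructed Root CA" -days 1 \
    -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null &&
  openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed Intermediate CA" \
    -keyout "$dir/int.key" -out "$dir/int.csr" 2>/dev/null &&
  openssl x509 -req -in "$dir/int.csr" -CA "$dir/root.pem" -CAkey "$dir/root.key" \
    -CAcreateserial -extfile "$dir/ca.cnf" -extensions v3_ca -days 1 \
    -out "$dir/int.pem" 2>/dev/null &&
  openssl req -new -config "$dir/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=server.example.test" \
    -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null &&
  openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/int.pem" -CAkey "$dir/int.key" \
    -CAcreateserial -days 1 -out "$dir/leaf.pem" 2>/dev/null
}

# Server sends only its leaf: the verifier trusts the root but cannot reach it.
verify_leaf_only() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1 | grep -q ': OK$'
}

# Server also sends the intermediate (the "chain"): the path can be built.
verify_with_chain() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" \
    2>&1 | grep -q ': OK$'
}

work=$(mktemp -d) && make_pki "$work" || exit 1
verify_leaf_only "$work" && echo "leaf only: OK" || echo "leaf only: verification failed"
verify_with_chain "$work" && echo "leaf + intermediate: OK" || echo "leaf + intermediate: failed"
rm -rf "$work"
```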

CodePudding user response:

I managed to solve the issue. Recompiled curl with OpenSSL with the following tutorial: Install curl with openssl

Works like a charm :)
