How to fix CA cert issues with Curl in Ubuntu 14.04?How to use self signed certificate with an SVN...
Welcoming 2019 Pi day: How to draw the letter π?
How is the Swiss post e-voting system supposed to work, and how was it wrong?
How to generate globally unique ids for different tables of the same database?
Why does Deadpool say "You're welcome, Canada," after shooting Ryan Reynolds in the end credits?
Replacing Windows 7 security updates with anti-virus?
Is it true that real estate prices mainly go up?
Current sense amp + op-amp buffer + ADC: Measuring down to 0 with single supply
Does the statement `int val = (++i > ++j) ? ++i : ++j;` invoke undefined behavior?
Why doesn't using two cd commands in bash script execute the second command?
Use of プラトニック in this sentence?
How do anti-virus programs start at Windows boot?
Who is our nearest planetary neighbor, on average?
PTIJ: Who should pay for Uber rides: the child or the parent?
Where is the 1/8 CR apprentice in Volo's Guide to Monsters?
How to explain that I do not want to visit a country due to personal safety concern?
Professor being mistaken for a grad student
Be in awe of my brilliance!
Russian cases: A few examples, I'm really confused
Meaning of "SEVERA INDEOVI VAS" from 3rd Century slab
Have researchers managed to "reverse time"? If so, what does that mean for physics?
Rejected in 4th interview round citing insufficient years of experience
How can I change step-down my variable input voltage? [Microcontroller]
How to deal with taxi scam when on vacation?
Brexit - No Deal Rejection
How to fix CA cert issues with Curl in Ubuntu 14.04?
How to use self signed certificate with an SVN clientProblems importing own CA CertificatePositiveSSL doesn't work because of SnakeoilCannot connect client to landscape server: certificate issueHow to compile curl with SSL support?Root certificate issue on Ubuntu 16.04What is the secure combination of php.ini configuration and PHP code to verify SSL/TLS on Ubuntu 14.04?Installing CA Cert fails with no errorCA root install issue on Ubuntu 16.04 LTS ServerCURL. Server certificate verification failed
I am using Ubuntu 14.04. When I use curl, I get the following error:
curl: (77) error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath:
From what I gather from googling, the CAfile location it is looking for is not correct for Ubuntu (and it doesn't exist on my computer), /etc/ssl/certs/ca-certificates.crt
is the proper location.
Most of the solutions involved setting the environment variable CURL_CA_BUNDLE
to the proper location, or adding cacert=/etc/ssl/certs/ca-certificates.crt
to the (newly created) .curlrc
file in my home directory. I have tried both, and neither completely solve the issue. curl is finding this location, but it still doesn't work, giving the error:
curl: (60) SSL certificate problem: self signed certificate in certificate chain
I also tried uninstalling and reinstalling curl in Ubuntu, and updating my CA certs with $ sudo update-ca-certificates --fresh
which updated the certs, but still didn't make error 60 go away.
I am not that knowledgeable about CA certs, and doubt I purposely added some self signed certificate in the past. Perhaps by accident, I don't know.
Does anyone know how to fix this? Is there a way to actually start fresh with all my certs? Or does anyone even know how I go about figuring out where this self signed certificate is, and then how to remove it?
PS: I don't want to use the -k (aka --insecure) flag. I want to get this working securely.
ssl curl certificates
add a comment |
I am using Ubuntu 14.04. When I use curl, I get the following error:
curl: (77) error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath:
From what I gather from googling, the CAfile location it is looking for is not correct for Ubuntu (and it doesn't exist on my computer), /etc/ssl/certs/ca-certificates.crt
is the proper location.
Most of the solutions involved setting the environment variable CURL_CA_BUNDLE
to the proper location, or adding cacert=/etc/ssl/certs/ca-certificates.crt
to the (newly created) .curlrc
file in my home directory. I have tried both, and neither completely solve the issue. curl is finding this location, but it still doesn't work, giving the error:
curl: (60) SSL certificate problem: self signed certificate in certificate chain
I also tried uninstalling and reinstalling curl in Ubuntu, and updating my CA certs with $ sudo update-ca-certificates --fresh
which updated the certs, but still didn't make error 60 go away.
I am not that knowledgeable about CA certs, and doubt I purposely added some self signed certificate in the past. Perhaps by accident, I don't know.
Does anyone know how to fix this? Is there a way to actually start fresh with all my certs? Or does anyone even know how I go about figuring out where this self signed certificate is, and then how to remove it?
PS: I don't want to use the -k (aka --insecure) flag. I want to get this working securely.
ssl curl certificates
add a comment |
I am using Ubuntu 14.04. When I use curl, I get the following error:
curl: (77) error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath:
From what I gather from googling, the CAfile location it is looking for is not correct for Ubuntu (and it doesn't exist on my computer), /etc/ssl/certs/ca-certificates.crt
is the proper location.
Most of the solutions involved setting the environment variable CURL_CA_BUNDLE
to the proper location, or adding cacert=/etc/ssl/certs/ca-certificates.crt
to the (newly created) .curlrc
file in my home directory. I have tried both, and neither completely solve the issue. curl is finding this location, but it still doesn't work, giving the error:
curl: (60) SSL certificate problem: self signed certificate in certificate chain
I also tried uninstalling and reinstalling curl in Ubuntu, and updating my CA certs with $ sudo update-ca-certificates --fresh
which updated the certs, but still didn't make error 60 go away.
I am not that knowledgeable about CA certs, and doubt I purposely added some self signed certificate in the past. Perhaps by accident, I don't know.
Does anyone know how to fix this? Is there a way to actually start fresh with all my certs? Or does anyone even know how I go about figuring out where this self signed certificate is, and then how to remove it?
PS: I don't want to use the -k (aka --insecure) flag. I want to get this working securely.
ssl curl certificates
I am using Ubuntu 14.04. When I use curl, I get the following error:
curl: (77) error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath:
From what I gather from googling, the CAfile location it is looking for is not correct for Ubuntu (and it doesn't exist on my computer), /etc/ssl/certs/ca-certificates.crt
is the proper location.
Most of the solutions involved setting the environment variable CURL_CA_BUNDLE
to the proper location, or adding cacert=/etc/ssl/certs/ca-certificates.crt
to the (newly created) .curlrc
file in my home directory. I have tried both, and neither completely solve the issue. curl is finding this location, but it still doesn't work, giving the error:
curl: (60) SSL certificate problem: self signed certificate in certificate chain
I also tried uninstalling and reinstalling curl in Ubuntu, and updating my CA certs with $ sudo update-ca-certificates --fresh
which updated the certs, but still didn't make error 60 go away.
I am not that knowledgeable about CA certs, and doubt I purposely added some self signed certificate in the past. Perhaps by accident, I don't know.
Does anyone know how to fix this? Is there a way to actually start fresh with all my certs? Or does anyone even know how I go about figuring out where this self signed certificate is, and then how to remove it?
PS: I don't want to use the -k (aka --insecure) flag. I want to get this working securely.
ssl curl certificates
ssl curl certificates
asked Jul 9 '15 at 22:37
themaninthewoodsthemaninthewoods
3482310
3482310
add a comment |
add a comment |
4 Answers
4
active
oldest
votes
After researching and working on this over the last couple days I got it to work, and the answer ended up being rather simple.
I needed to set capath=/etc/ssl/certs/
in my .curlrc
file.
This got curl working on the command line. To further get curl to work in R (where I first encountered the problem) I also needed to have cacert=/etc/ssl/certs/ca-certificates.crt
in my .curlrc
file as tried before, otherwise it continued to look for /etc/pki/tls/certs/ca-bundle.crt
I still have no idea why I was seeing the error about self-signed certificates.
Based on some other random findings I also downloaded a certificate from the Curl website with:
sudo wget http://curl.haxx.se/ca/cacert.pem
into the same certs
directory. Having cafile
pointed at this worked as well. In the end I put it back to ca-certificates.crt
and it still works.
I don't understand exactly why this worked or what is going on, but it is resolved.
add a comment |
cafile key does not work for me (curl 7.45.0) but cacert (from --cacert option) does.
My .curlrc file:
capath=/etc/ssl/certs/
cacert=/etc/ssl/certs/ca-certificates.crt
1
this worked for me on Ubuntu 16.04!
– API
Jan 7 '17 at 16:16
add a comment |
We faced same problem with one of our C++ programs in Ubuntu 14.04.5. The .curlrc method was not taking effect.
This was solved by downloading the ca-certificates.crt to /etc/ssl/certs/ca-certificates.crt and creating a symbolic link ca-bundle.crt under /etc/pki/tls/certs/ directory.
Hope this helps!
add a comment |
After researching for a few times I got it to work, and the answer ended up being rather a simple one.
Do stepwise
Step:1 Open terminal ctrl+alt+t
Step:2 cd /etc/ssl/certs/
Step:3 sudo wget http://curl.haxx.se/ca/cacert.pem
Step 3 will download pem file in the certs folder
Step 4: Check if .curlrc file is available in your home folder or not.
.curlrc is a hidden file. check by ctrl+h in the home directory.
if not there then on terminal type
Step 5: nano ~/.curlrc
Step 6: Now paste the below lines in the open file
capath=/etc/ssl/certs/
cacert=/etc/ssl/certs/ca-certificates.crt
Step 7: Now save the file and do your things using curl command.
N.B Here I used nano editor, but you can use any editor.
New contributor
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f646594%2fhow-to-fix-ca-cert-issues-with-curl-in-ubuntu-14-04%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
After researching and working on this over the last couple days I got it to work, and the answer ended up being rather simple.
I needed to set capath=/etc/ssl/certs/
in my .curlrc
file.
This got curl working on the command line. To further get curl to work in R (where I first encountered the problem) I also needed to have cacert=/etc/ssl/certs/ca-certificates.crt
in my .curlrc
file as tried before, otherwise it continued to look for /etc/pki/tls/certs/ca-bundle.crt
I still have no idea why I was seeing the error about self-signed certificates.
Based on some other random findings I also downloaded a certificate from the Curl website with:
sudo wget http://curl.haxx.se/ca/cacert.pem
into the same certs
directory. Having cafile
pointed at this worked as well. In the end I put it back to ca-certificates.crt
and it still works.
I don't understand exactly why this worked or what is going on, but it is resolved.
add a comment |
After researching and working on this over the last couple days I got it to work, and the answer ended up being rather simple.
I needed to set capath=/etc/ssl/certs/
in my .curlrc
file.
This got curl working on the command line. To further get curl to work in R (where I first encountered the problem) I also needed to have cacert=/etc/ssl/certs/ca-certificates.crt
in my .curlrc
file as tried before, otherwise it continued to look for /etc/pki/tls/certs/ca-bundle.crt
I still have no idea why I was seeing the error about self-signed certificates.
Based on some other random findings I also downloaded a certificate from the Curl website with:
sudo wget http://curl.haxx.se/ca/cacert.pem
into the same certs
directory. Having cafile
pointed at this worked as well. In the end I put it back to ca-certificates.crt
and it still works.
I don't understand exactly why this worked or what is going on, but it is resolved.
add a comment |
After researching and working on this over the last couple days I got it to work, and the answer ended up being rather simple.
I needed to set capath=/etc/ssl/certs/
in my .curlrc
file.
This got curl working on the command line. To further get curl to work in R (where I first encountered the problem) I also needed to have cacert=/etc/ssl/certs/ca-certificates.crt
in my .curlrc
file as tried before, otherwise it continued to look for /etc/pki/tls/certs/ca-bundle.crt
I still have no idea why I was seeing the error about self-signed certificates.
Based on some other random findings I also downloaded a certificate from the Curl website with:
sudo wget http://curl.haxx.se/ca/cacert.pem
into the same certs
directory. Having cafile
pointed at this worked as well. In the end I put it back to ca-certificates.crt
and it still works.
I don't understand exactly why this worked or what is going on, but it is resolved.
After researching and working on this over the last couple days I got it to work, and the answer ended up being rather simple.
I needed to set capath=/etc/ssl/certs/
in my .curlrc
file.
This got curl working on the command line. To further get curl to work in R (where I first encountered the problem) I also needed to have cacert=/etc/ssl/certs/ca-certificates.crt
in my .curlrc
file as tried before, otherwise it continued to look for /etc/pki/tls/certs/ca-bundle.crt
I still have no idea why I was seeing the error about self-signed certificates.
Based on some other random findings I also downloaded a certificate from the Curl website with:
sudo wget http://curl.haxx.se/ca/cacert.pem
into the same certs
directory. Having cafile
pointed at this worked as well. In the end I put it back to ca-certificates.crt
and it still works.
I don't understand exactly why this worked or what is going on, but it is resolved.
edited Apr 30 '16 at 18:40
muru
1
1
answered Jul 11 '15 at 5:22
themaninthewoodsthemaninthewoods
3482310
3482310
add a comment |
add a comment |
cafile key does not work for me (curl 7.45.0) but cacert (from --cacert option) does.
My .curlrc file:
capath=/etc/ssl/certs/
cacert=/etc/ssl/certs/ca-certificates.crt
1
this worked for me on Ubuntu 16.04!
– API
Jan 7 '17 at 16:16
add a comment |
cafile key does not work for me (curl 7.45.0) but cacert (from --cacert option) does.
My .curlrc file:
capath=/etc/ssl/certs/
cacert=/etc/ssl/certs/ca-certificates.crt
1
this worked for me on Ubuntu 16.04!
– API
Jan 7 '17 at 16:16
add a comment |
cafile key does not work for me (curl 7.45.0) but cacert (from --cacert option) does.
My .curlrc file:
capath=/etc/ssl/certs/
cacert=/etc/ssl/certs/ca-certificates.crt
cafile key does not work for me (curl 7.45.0) but cacert (from --cacert option) does.
My .curlrc file:
capath=/etc/ssl/certs/
cacert=/etc/ssl/certs/ca-certificates.crt
answered Mar 30 '16 at 16:42
DukeDuke
18112
18112
1
this worked for me on Ubuntu 16.04!
– API
Jan 7 '17 at 16:16
add a comment |
1
this worked for me on Ubuntu 16.04!
– API
Jan 7 '17 at 16:16
1
1
this worked for me on Ubuntu 16.04!
– API
Jan 7 '17 at 16:16
this worked for me on Ubuntu 16.04!
– API
Jan 7 '17 at 16:16
add a comment |
We faced same problem with one of our C++ programs in Ubuntu 14.04.5. The .curlrc method was not taking effect.
This was solved by downloading the ca-certificates.crt to /etc/ssl/certs/ca-certificates.crt and creating a symbolic link ca-bundle.crt under /etc/pki/tls/certs/ directory.
Hope this helps!
add a comment |
We faced same problem with one of our C++ programs in Ubuntu 14.04.5. The .curlrc method was not taking effect.
This was solved by downloading the ca-certificates.crt to /etc/ssl/certs/ca-certificates.crt and creating a symbolic link ca-bundle.crt under /etc/pki/tls/certs/ directory.
Hope this helps!
add a comment |
We faced same problem with one of our C++ programs in Ubuntu 14.04.5. The .curlrc method was not taking effect.
This was solved by downloading the ca-certificates.crt to /etc/ssl/certs/ca-certificates.crt and creating a symbolic link ca-bundle.crt under /etc/pki/tls/certs/ directory.
Hope this helps!
We faced same problem with one of our C++ programs in Ubuntu 14.04.5. The .curlrc method was not taking effect.
This was solved by downloading the ca-certificates.crt to /etc/ssl/certs/ca-certificates.crt and creating a symbolic link ca-bundle.crt under /etc/pki/tls/certs/ directory.
Hope this helps!
answered Jul 21 '17 at 15:47
TamilTamil
1
1
add a comment |
add a comment |
After researching for a few times I got it to work, and the answer ended up being rather a simple one.
Do stepwise
Step:1 Open terminal ctrl+alt+t
Step:2 cd /etc/ssl/certs/
Step:3 sudo wget http://curl.haxx.se/ca/cacert.pem
Step 3 will download pem file in the certs folder
Step 4: Check if .curlrc file is available in your home folder or not.
.curlrc is a hidden file. check by ctrl+h in the home directory.
if not there then on terminal type
Step 5: nano ~/.curlrc
Step 6: Now paste the below lines in the open file
capath=/etc/ssl/certs/
cacert=/etc/ssl/certs/ca-certificates.crt
Step 7: Now save the file and do your things using curl command.
N.B Here I used nano editor, but you can use any editor.
New contributor
add a comment |
After researching for a few times I got it to work, and the answer ended up being rather a simple one.
Do stepwise
Step:1 Open terminal ctrl+alt+t
Step:2 cd /etc/ssl/certs/
Step:3 sudo wget http://curl.haxx.se/ca/cacert.pem
Step 3 will download pem file in the certs folder
Step 4: Check if .curlrc file is available in your home folder or not.
.curlrc is a hidden file. check by ctrl+h in the home directory.
if not there then on terminal type
Step 5: nano ~/.curlrc
Step 6: Now paste the below lines in the open file
capath=/etc/ssl/certs/
cacert=/etc/ssl/certs/ca-certificates.crt
Step 7: Now save the file and do your things using curl command.
N.B Here I used nano editor, but you can use any editor.
New contributor
add a comment |
After researching for a few times I got it to work, and the answer ended up being rather a simple one.
Do stepwise
Step:1 Open terminal ctrl+alt+t
Step:2 cd /etc/ssl/certs/
Step:3 sudo wget http://curl.haxx.se/ca/cacert.pem
Step 3 will download pem file in the certs folder
Step 4: Check if .curlrc file is available in your home folder or not.
.curlrc is a hidden file. check by ctrl+h in the home directory.
if not there then on terminal type
Step 5: nano ~/.curlrc
Step 6: Now paste the below lines in the open file
capath=/etc/ssl/certs/
cacert=/etc/ssl/certs/ca-certificates.crt
Step 7: Now save the file and do your things using curl command.
N.B Here I used nano editor, but you can use any editor.
New contributor
After researching for a few times I got it to work, and the answer ended up being rather a simple one.
Do stepwise
Step:1 Open terminal ctrl+alt+t
Step:2 cd /etc/ssl/certs/
Step:3 sudo wget http://curl.haxx.se/ca/cacert.pem
Step 3 will download pem file in the certs folder
Step 4: Check if .curlrc file is available in your home folder or not.
.curlrc is a hidden file. check by ctrl+h in the home directory.
if not there then on terminal type
Step 5: nano ~/.curlrc
Step 6: Now paste the below lines in the open file
capath=/etc/ssl/certs/
cacert=/etc/ssl/certs/ca-certificates.crt
Step 7: Now save the file and do your things using curl command.
N.B Here I used nano editor, but you can use any editor.
New contributor
New contributor
answered 9 mins ago
PyDevSRSPyDevSRS
1011
1011
New contributor
New contributor
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f646594%2fhow-to-fix-ca-cert-issues-with-curl-in-ubuntu-14-04%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown