recentpopularlog in

kme : castore   5

curl: SSL certificate problem: unable to get local issuer certificate · Issue #2 · torch/ezinstall · GitHub
See: http://stackoverflow.com/questions/3777075/ssl-certificate-rejected-trying-to-access-github-over-https-behind-firewall

Solution 2 in Post#3 is the correct and secure way to do it.
2. Actually install root certificates. Curl guys extracted for you certificates from mozilla:

http://curl.haxx.se/docs/caextract.html

cacert.pem file is what you are looking for. This file contains > 250 CA certs (don't know how to trust this number of ppl). You need to download this file, split it to individual certificates put them to /usr/ssl/certs (your CApath) and index them.
solution  curl  ssl  ca  castore  certificates  openssl  git 
march 2016 by kme
git - SSL certificate rejected trying to access GitHub over HTTPS behind firewall - Stack Overflow
See below for 'configure' flags that were necessary to get 'curl' to look in the right place for the PEM certficate bundle.
Actually install root certificates. Curl guys extracted for you certificates from Mozilla.

cacert.pem file is what you are looking for. This file contains > 250 CA certs (don't know how to trust this number of ppl). You need to download this file, split it to individual certificates put them to /usr/ssl/certs (your CApath) and index them.

Here is how to do it. With cygwin setup.exe install curl and openssl packages execute:

$ cd /usr/ssl/certs
$ curl https://curl.haxx.se/ca/cacert.pem |
awk '{print > "cert" (1+n) ".pem"} /-----END CERTIFICATE-----/ {n++}'
$ c_rehash


I actually used this script:
wget -O - http://curl.haxx.se/ca/cacert.pem | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > "cert" n ".pem"}'


Then I cheated off of the MacPorts Portfile for 'curl' (source: https://trac.macports.org/browser/trunk/dports/net/curl/Portfile) to discover the "--with-ca-bundle=/path/to/curl-ca-bundle.crt" 'configure' flag which seems to have done the trick.

Also useful, in extreme circumstances, how to get Git to ignore SSL certs altogether:
$ env GIT_SSL_NO_VERIFY=true git clone https://github...
git  github  curl  ssl  cacert  castore  certificates  cs  openssl  solution  fuckina 
march 2016 by kme
Certificate Installation with OpenSSL - Other People's Certificates
(Partial) solution to verifying a CA certificate using 'certtool' and a "trusted" MD5 fingerprint.

Used this on 1/1/2010 to verify the SPI (Software in the Public Interest) CA for getting the Debian 'apt' keys.
openssl  webmaster  sysadmin  solution  certificates  castore  ca  ssl 
january 2010 by kme

Copy this bookmark:





to read