Geek Answers Handbook

CURL says certificate expired, Firefox disagrees

I am trying to access the internal site through cURL (which I could access a few days ago). However, cURL gives an error curl: (60) SSL certificate problem: certificate has expired. If I use opensslto check the start and end dates of the certificate, this gives a time frame in which I feel good:

echo | openssl s_client -connect internalsite.example.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Nov 30 00:00:00 2012 GMT
notAfter=Mar 30 12:00:00 2016 GMT
# For reference, the day I'm posting this is July 30th, 2014

Also, if I use cURL on another computer or connect through a browser (Firefox, Chrome or IE), I can connect without errors.

In addition, I cannot connect to any version of cURL on my own computer; this includes cURL on Cygwin and cURL on Ubuntu inside the virtual machine, as well as the Windows version.

What could lead to this behavior?

+4
source share
2 answers

Your certificate pack is probably out of date.

You can get one that is supported by curl developers at http://curl.haxx.se/ca/cacert.pem

To use it:

<?
$ch = curl_init("http://example.com");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_CAINFO, '/path/to/cacert.pem');
$response = curl_exec($ch);
+1
source

My curl uses a certificate package stored in:

/etc/ssl/certs/ca-certificates.crt

I had this problem in the past and fixed it by looking at the machine where curl was working and comparing .crt files with these two machines and copying the missing certificate.

I had this problem again, and I fixed it this time by simply copying the whole file from a newer machine (later installing Ubuntu - the machine on which I have a problem is ancient).

And it worked.

+1
source

More articles:


All Articles