Add self signed certificate to ubuntu for use with curl

Question

I'm developing a program where I have a virtual development server that runs with a self signed certificate. My program uses curl to connect to the server and pull information, but needs to do so with SSL. When I try to connect I get the error "SSL certificate problem, verify that the CA cert is OK." When running firefox I can add the certificate to just firefox, but that doesn't help me with curl. How do I add the certificate for curl to recognize?

curl 7.19.7 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 Protocols: tftp ftp telnet dict ldap ldaps http file https ftps Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz

Ubuntu 10.04 Lucid Lynx 64bit

Answer 1

First, in your Linux, you should add your CERTIFICATE.cert to /usr/local/share/ca-certificates/. After that by adding --cacert CERTIFICATE.cert to your command, curl will automatically use this certificate in that request.

Exp: curl --cacert CERTIFICATE.cert GET "URL".

Obviously, you can edit the request to have your desired request.

Answer 2

Add your rootCA.pem in /usr/share/ca-certificates directory.

After that update your certificates with: update-ca-certificates --fresh command.

I just did that, and works fine.

Answer 3

I'd copy the certificate to /usr/local/share/ca-certificates/.

Let me quote the man page for update-ca-certificates:

Furthermore all certificates with a .crt extension found below /usr/local/share/ca-certificates are also included as implicitly trusted.

Answer 4

This is one way that worked for me:

First, get the CA cert from the development domain and save it to a file called 'logfile'. (Assumes port 443 for SSL)

openssl s_client -connect xxxxx.com:443 |tee logfile

Then, use the --cacert curl option to use the saved certificate file.

curl --cacert logfile **THE REST OF YOUR CURL COMMAND**

Source: http://curl.haxx.se/docs/sslcerts.html