Reputation: 4538
I'm trying to test my TLS connections against a web server using self-signed certificates. I've started by generating a self-signed certificate with PowerShell:
New-SelfSignedCertificate -TextExtension @("2.5.29.17={text}DNS=localhost&IPAddress=some_internal_ip") -Subject IpCert -CertStoreLocation Cert:\LocalMachine\My\
I've also configured IIS to use the certificate and I've exported it into DER and PEM formats. Now, I thought I could test my sites with something like this:
curl --cacert .\ipcert.pem --header 'Host: jsontests.madeira.gov.pt' https://some_internal_ip/api/people
However, all my attempts ended up with the traditional:
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
The only way I've managed to get it working was to import the self-signed certificate into the Windows CA store (Trusted Root Certification Authorities for the local machine) and then change the command into something like this:
curl --ca-native --header 'Host: jsontests.madeira.gov.pt' https://some_internal_ip/api/people
Shouldn't option 1 work? What am I missing? How can I make it validate the server's TLS certificate against its PEM file without having to import it into the certificate store?
Upvotes: 0
Views: 37