Curl SSL Certificates problem

Spread the love

If some day you’ll try to get the content of some website under HTTPS protocol using the curl utility and see the error like:

ubuntu@ubuntu:~$ curl https://nodejs.org/dist/
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

You will find the solution here.

In my case it was https://nodejs.org/dist/ resource, I was trying to list the available nodejs dists using the nvm command:

nvm ls-remote

And it was listing only N/A and nothing related to the curl SSL CA certificates issues showed up.

I started researching and found this and this web pages. So basically nothing wrong with my just installed NVM or curl utility, the issue was with the ca-certificates.crt file located in /etc/ssl/certs/ folder (in Ubuntu), it simply did not has the latest CA certificates from nodejs.org domain.

Following the instructions from the official curl website I managed this issue as follows:

First I need to extract CA certificate in PEM format from the needed resource (in my case it is nodejs.org), I’m using openssl tool:

openssl s_client -showcerts -servername nodejs.org -connect nodejs.org:443 > cacert.pem

The CA certificate is stored to local file cacert.pem, now all blocks within (inclusive):

-----BEGIN CERTIFICATE-----
...
...
...
-----END CERTIFICATE-----

needs to be added to the end of /etc/ssl/certs/ca-certificates.crt file, just append it (don’t forget to leave one empty line in the end of the file).

That’s it, try now, the issue should be resolved.


Comments

Leave a Reply