Curl says ssl certificate expired but my ssl certificate not expired using php. I have no idea about this. Where do I get cert? Where should I add?
Related
I need to connect to a 3rd party API signed by Go Daddy secure certificate authority - G2. (I verified that in the Chrome browser).
When I try to issue a curl request to that API over port 8443 (which is opened) I receive the following error:
SSL certificate problem: unable to get local issuer certificate
Closing connection 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here:
https://curl.haxx.se/docs/sslcerts.html
I checked and in the default curl cacert store there is Go Daddy secure certificate authority - G2 listed.
I also downloaded the latest cacert store from https://curl.se/docs/caextract.html and used that by supplying --cacert option to curl command and again I received the same error.
By using -v option with curl command in output I receive which cacert store is used so with that I am sure it is using the one I explicitly added to the command.
Since the certificate exists in cacert store that I am telling curl to use, what else am I missing here?
I'm using Lets Encrypt Certbot to generate ssl certificate btw if you notice my url already have https, I only generated it manually and that's not secured. Just want to know if my url is acceptable to have a ssl certificate.
You can get an SSL certificate for any website. You just have to verify ownership of your domain and once the certificate has been issued to you upload it to your website host.
I am trying to activate HTTPS for my domain name. Chrome recognizes the SSL certificate when i go to https://www.example.com, but I get the error and it says that my SSL is not trusted. What do I need to do to get my SSL certificate to be trusted?
Instead of using a self-signed certificate, get one from a certificate provider. I'd recommend you looking at LetsEncrypt because they have a good automated support for being able to renew certificates automatically.
How to fix the below ERROR? I must use the certificate. while i use the "https://apcera-dns.prod.apcera.net/exists/myapceratest" in firefox, it is not problem, why does wget get wrong?
apple#apple-Z600:~/virtualbox/apcera$ wget https://apcera-dns.prod.apcera.net/exists/myapceratest
--2016-05-19 04:14:55-- https://apcera-dns.prod.apcera.net/exists/myapceratest
Resolving apcera-dns.prod.apcera.net (apcera-dns.prod.apcera.net)... 54.186.184.30, 52.10.181.83, 54.149.113.218
Connecting to apcera-dns.prod.apcera.net (apcera-dns.prod.apcera.net)|54.186.184.30|:443... connected.
ERROR: cannot verify apcera-dns.prod.apcera.net's certificate, issued by ‘/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2’:
Issued certificate has expired.
To connect to apcera-dns.prod.apcera.net insecurely, use `--no-check-certificate'.
Most probably the Issued certificate has expired.
I am using self signed certificates with Apache mod_ssl module but I am getting
> curl_easy_perform() failed on: https://localhost/auth/example (SSL
> certificate problem: self signed certificate)
Is their a way to make ssl not fail? I know that curl has the option --insecure or -k so is there something similar I can add to http-ssl.conf?
mod_ssl will present whatever certificate it is configured to present. It is a client decision whether to accept the presented certificate or not; there is nothing you can configure in mod_ssl, other than the certificate itself, that will influence client verification.
If you want Curl to accept the server certificate, you can either:
Use --insecure/-k (as you are already aware)
Obtain a certificate signed by a public, trusted certificate authority (CA)
Use a self-signed CA to sign the server certificate, and tell Curl to verify the server certificate using that CA via the --cacert <CA certificate> option.