Timeline for How to trust self-signed certificate in cURL command line?
Current License: CC BY-SA 4.0
13 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Oct 19, 2018 at 11:14 | comment | added | Robert Brisita | I have zero experience with Traefik. I am assuming Traefik is trying to verify the self-signed certificate. My development environments are local and AWS EC2 instances with either Apache2 or Nginx. I would suggest reviewing how Let's Encrypt (LE) configures Traefik and where LE tells Traefik where it stores it's certificate and key files. That is where you want to point to the respective files. I would also suggest to update your question with the software that you are working with. I incorrectly assumed you were using a popular web-server to validate the certificates. | |
| Oct 17, 2018 at 23:32 | comment | added | l0b0 | I'm terminating TLS with Traefik, and that works fine with Let's Encrypt certificates. | |
| Oct 17, 2018 at 21:32 | comment | added | Robert Brisita | I have never encountered that error message but a different error message is good. Which web server are you using? It might be misconfigured to serve the certificate. For instance in a virtual host ssl Apache2 config file there would be: SSLCertificateFile ${CRT_OUT} SSLCertificateKeyFile ${KEY_OUT} The variables are file paths to where the generated keys live on the server. | |
| Oct 17, 2018 at 0:23 | comment | added | l0b0 | OK, I did exactly what you wrote, and now it says "SSL certificate problem: unable to get local issuer certificate". | |
| Sep 13, 2018 at 12:21 | comment | added | Robert Brisita | Yes. It is different formats. I give you what worked for me. Do what you will. Have a good day. | |
| Sep 12, 2018 at 20:20 | comment | added | Michael Mrozek | Is there some reason to believe that using openssl to download the certificate from the server will be different than just using the copy already on disk from when it was generated? | |
| Sep 12, 2018 at 19:30 | review | Low quality posts | |||
| Sep 13, 2018 at 6:37 | |||||
| Sep 12, 2018 at 19:27 | comment | added | l0b0 | I created the certificate, so I don't need to retrieve it. That is not what the question is about, and rather than assuming that I don't have the certificate I would suggest using comments to ask such follow-up questions. | |
| Sep 12, 2018 at 16:55 | comment | added | Robert Brisita | That is where the problem lies. I believe you are using the certificate from the --out argument rather than following the steps in my answer. | |
| Sep 12, 2018 at 1:39 | comment | added | l0b0 | I already have the certificate. Please read my question. | |
| Sep 11, 2018 at 23:55 | comment | added | Robert Brisita | I understand your frustration. Did you try the openssl command and save the cert from the server you are connecting to? The ignore is just another option for someone else to try if they don't really need to test with HTTPS. | |
| Sep 11, 2018 at 19:35 | comment | added | l0b0 | -1 I already tried --cacert. And I'm definitely not interested in ignoring the certificate. This is terrible advice. | |
| Sep 11, 2018 at 19:19 | history | answered | Robert Brisita | CC BY-SA 4.0 |