Hello, I just renewed my Thawte webserver certificate. This certicifate seems to work fine with various browsers I tried, but it curl, wget on CentOS 5.5 are not able to verify it:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html I followed these instructions on the above page: o openssl s_client -connect xxxxx.com:443 |tee logfile o type "QUIT", followed by the "ENTER" key o The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE" markers. o If you want to see the data in the certificate, you can do: "openssl x509 -inform PEM -in certfile -text -out certdata" where certfile is the cert you extracted from logfile. Look in certdata. o If you want to trust the certificate, you can append it to your cert_bundle or use it stand-alone as described. Just remember that the security is no better than the way you obtained the certificate. but still I kept getting the same error with both curl and wget: # curl --cacert certdata https://www.neonova.nl/licence.php curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html What to do? Thanks, Ron Arts ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
