On Tue, Jan 11, 2011 at 11:51:47PM +0100, Ron Arts wrote:
> I just renewed my Thawte webserver certificate. This certicifate seems to
> work fine with various browsers I tried, but it curl, wget on CentOS 5.5
> are not able to verify it:
Browsers often have a fairly large set of trusted roots and even some
common intemediate CA certificates in their "CA bundle". While curl
uses OpenSSL directly, and a default build of OpenSSL comes with zero
trusted roots.
You need point curl at a suitable CAfile/CApath, and configure the server
with not only the leaf certificate, but also any intemediate certificates
that form part of its "trust chain".
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
