I have an issue where curl (CentOS 6 env) does not recognize the GeoTrust intermediary certificate:

*   Trying 192.168.6.6... connected
* Connected to composer.graymatter.co.uk (192.168.6.6) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
    CApath: none
* Peer's certificate issuer is not recognized: 'CN=GeoTrust DV SSL CA - G4,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US'
* NSS error -8179
* Closing connection #0

The strange thing is it only started happening recently (about a month ago). I have updated the ca bundle file with:

curl https://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt

But it did not help. At this point my knowledge runs out and I need some help. The certificate on the destination server was working perfectly before and I have no problem connecting to it using my local OSX machine so I am quite sure that the cert itself is ok.

P.S. The curl connection is used by composer, so adding "--insecure" is not an option.

Auris
  • Looking here: https://www.ssllabs.com/ssltest/analyze.html?d=curl.haxx.se&s=80.67.6.50&latest it seems like curl.haxx.se is using LetsEncrypt and not GeoTrust so confused what you are asking? Also looks like the certificate started a month ago - which is when you say you started seeing issues. – Barry Pollard Feb 06 '16 at 07:48

1 Answer

Checking here it seems you might need to install an Intermediate/chain certificate.

FoamyBeer
  • Hi, thanks, adding the GeoTrust G4 intermediate certificate to the ca-bundle.crt helped. I did that as a manual copy paste solution, but is there a way to install it in a way that it would not be overwritten with the next update that touches the file? – Auris Feb 08 '16 at 11:22
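
The failure discussed in this thread, reproduced offline as an added example (not code from the question or the answer): a client that trusts only a root CA rejects a leaf certificate until the intermediate is supplied alongside it. All keys and names (`Demo Root CA`, `demo.example.test`) are constructed for the demo, and `-untrusted` stands in for a server sending the intermediate in its handshake.

```bash
#!/usr/bin/env bash
# Constructed demo: throwaway keys and made-up names, nothing here comes from the real server.

new_csr() {  # $1=dir $2=basename $3=subject CN
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_chain() {  # $1=dir; creates root.pem, inter.pem and leaf.pem there
  local d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  new_csr "$d" root  "Demo Root CA"
  new_csr "$d" inter "Demo Intermediate CA"
  new_csr "$d" leaf  "demo.example.test"
  # Self-signed root, marked as a CA
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -extfile "$d/ca.ext" \
    -days 2 -out "$d/root.pem" 2>/dev/null
  # Intermediate signed by the root
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -extfile "$d/ca.ext" -days 2 -out "$d/inter.pem" 2>/dev/null
  # Leaf signed by the intermediate (no CA extensions)
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -set_serial 3 -days 2 -out "$d/leaf.pem" 2>/dev/null
}

chain_ok() {  # $1=dir, remaining args = extra `openssl verify` options
  local d=$1; shift
  # Match the "OK" line instead of the exit code, which old OpenSSL releases get wrong.
  openssl verify -CAfile "$d/root.pem" "$@" "$d/leaf.pem" 2>&1 | grep -q ': OK$'
}

demo_dir=$(mktemp -d)
build_chain "$demo_dir"
if chain_ok "$demo_dir"; then
  echo "root only:           verified"
else
  echo "root only:           issuer not recognized"
fi
if chain_ok "$demo_dir" -untrusted "$demo_dir/inter.pem"; then
  echo "root + intermediate: verified"
else
  echo "root + intermediate: failed"
fi
rm -rf "$demo_dir"
```

To see which certificates a real server presents, `openssl s_client -connect host:443 -showcerts` prints each one it sends.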