
I created a self-signed certificate and it is being used in my Express project. The problem is that when I do

    curl https://<domain> 

it doesn't work, and only works with the -k option; it doesn't use the certificate to encrypt its content. I don't see how that is effective, since that is similar to HTTP itself.

Also, from what I understand of CA signing requests, browsers like Chrome are preinstalled with information about the trusted CAs on the web, such as Verisign. So how does curl work in this respect? Does it also know beforehand, like Chrome, who the trusted CAs are?

Also, in my project the app communicates with the EC2 machine. Does it need a client-side certificate for HTTPS?

user3630406

1 Answer


Yes, curl has a pointer to a list of trusted Certificate Authority keys. You can override it with the --capath flag.

aecolley
  • I followed this tutorial [link](http://docs.nodejitsu.com/articles/HTTP/servers/how-to-create-a-HTTPS-server) to make a self-signed certificate called cert.pem (which I also copied to my laptop) for my Express project running on EC2. However, when I run this command from my laptop `curl --cacert ~/Desktop/cert.pem https:///isOnline` it gives me the following error: `curl: (51) SSL: certificate verification failed (result: 5).` – user3630406 Aug 30 '14 at 07:24
  • @user3630406 Oh, you're using OS X. Curl with self-signed certificates was broken by an OS update, and there is now some significant rigmarole required. See step 2 in http://curl.haxx.se/mail/archive-2013-10/0036.html for details. – aecolley Aug 31 '14 at 12:50
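
The trust decision discussed in this thread, as an added example that is not part of the original question or answer: it uses `openssl verify` offline to mirror the chain and host name checks curl performs, showing that a self-signed certificate fails against the default store and passes once the certificate itself is supplied as the trust anchor (what `--cacert` does). The host `api.example.test`, the function names and the file names are constructed placeholders.

```shell
#!/bin/sh
# Added example; host name and file names are constructed placeholders.

# Create a self-signed certificate for host $2 in directory $1.
make_self_signed() {
    dir=$1 host=$2
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $host
[ext]
subjectAltName = DNS:$host
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

# Default trust store only: the situation of plain `curl https://<host>/`.
trusted_by_default() {
    openssl verify "$1" >/dev/null 2>&1
}

# Certificate $1 supplied as its own trust anchor, plus a check that it
# names host $2: the situation of `curl --cacert cert.pem https://<host>/`.
trusted_when_pinned() {
    openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d)
    make_self_signed "$d" api.example.test || return 1
    trusted_by_default "$d/cert.pem"
    echo "default store:      exit $?"
    trusted_when_pinned "$d/cert.pem" api.example.test
    echo "pinned, right host: exit $?"
    trusted_when_pinned "$d/cert.pem" other.example.test
    echo "pinned, wrong host: exit $?"
    rm -rf "$d"
}
demo
```

Exit status 0 means the certificate verified. The third case shows that supplying the certificate as a trust anchor does not help when the name in the URL is not one the certificate lists.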