hmm...
not sure the "--insecure -k" option is the right/best approach for this. although it does work..
As far as I can tell, it should be possible to download the "pem"/cert from the site, via FF, and to then use this data in the curl..
However, I can't quite get this to work correctly. Might be user error.
Here's what I've done so far.
the base curl cmd is: curl -A "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009061118 Fedora/3.0.11-1.fc9 Firefox/3.0.11" --cookie-jar wayne.lwp --cookie wayne.lwp -L "https://isiscc.smc.edu/pls/apex/f?p=123:1:3916268190676791" -vvv
running on fedora/centos as test systems
1) inserted the base site
https://isiscc.smc.edu/pls/apex/f?p=123:1:3916268190676791 into the
FF address bar. 2) selected the "lock" at the left of the address bar, to get the cert/data 3) did an export of the pem/cert data. -[not the chain] 4) as far as I can tell, from the debug "-vvv" output, ----* Initializing NSS with certpath: /etc/pki/nssdb ----* CAfile: /etc/pki/tls/certs/ca-bundle.crt the ca-bundle is the file with the certs.
I then copied the data from the foo.pem that I got from the smc site/pem and added the results to the end of the ca-bundle.crt file
I then reran the curl cmd, and got the same errors I got before..
So 1) Is the pem file I downloaded, the correct cert file for the site, and 2) Is the ca-bundle.crt file the correct file to append the data to/in. Or is there some different file that I should be doing the insertion of the downloaded pem/cert data.
Once all of this works, I'll place this in stackoverflow for others!
thanks
On Fri, Nov 1, 2013 at 11:15 AM, Chris Adams linux@cmadams.net wrote:
Once upon a time, bruce badouglas@gmail.com said:
hi.
trying to do a simple curl for the college site curl -A "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009061118 Fedora/3.0.11-1.fc9 Firefox/3.0.11" -L https://isiscc.smc.edu/pls/apex/f?p=123:1:3916268190676791 -vvv
They have a VeriSign-signed SSL cert, but they probably didn't follow the directions and install the intermediate cert correctly (it might work in Firefox because it includes more CA certs). Only the server admins for isiscc.smc.edu can fix that.
Until they get it fixed, you can bypass cert validation with the "--insecure" option to curl or the "--no-check-certificate" option to wget. It isn't recommended because it defeats the purpose of SSL.
-- Chris Adams linux@cmadams.net -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org