bruce wrote:
I tried to extract the pem as you suggested, placed it in a diff dir.. it works...
So I've got a couple of questions... How did you know which cert/pem file to extract? Why didn't my attempt at getting the cert from the "lock" of the url/address for the smc.edu site not work?
I read the "Issued By" line: * Peer's certificate issuer is not recognized: 'CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O="VeriSign, Inc.",C=US'
You downloaded the client certificate that is signed by the CA certificate. In order for curl/NSS to validate the client certificate it needs the CA certificate and not the client certificate.
Also, any idea what I can do regarding the access/path errors I mentioned...
In regards to your private mail, I do not know why you are seeing errors. You may have damanged the cert databases in /etc/pki/nssdb, which are empty by default, but are still used during CA checking.
You can verify the ca-bundle is unharmed by running "rpm -qV ca-certificates". Nothing should print to your terminal if it verifies successfully.