not sure the "--insecure -k" option is the right/best approach for
this. although it does work..
As far as I can tell, it should be possible to download the "pem"/cert
from the site, via FF, and to then use this data in the curl..
However, I can't quite get this to work correctly. Might be user error.
Here's what I've done so far.
the base curl cmd is:
curl -A "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:18.104.22.168)
Gecko/2009061118 Fedora/3.0.11-1.fc9 Firefox/3.0.11" --cookie-jar
wayne.lwp --cookie wayne.lwp -L
running on fedora/centos as test systems
1) inserted the base site
FF address bar.
2) selected the "lock" at the left of the address bar, to get the cert/data
3) did an export of the pem/cert data. -[not the chain]
4) as far as I can tell, from the debug "-vvv" output,
----* Initializing NSS with certpath: /etc/pki/nssdb
----* CAfile: /etc/pki/tls/certs/ca-bundle.crt
the ca-bundle is the file with the certs.
I then copied the data from the foo.pem that I got from the smc
site/pem and added the results to the end of the ca-bundle.crt file
I then reran the curl cmd, and got the same errors I got before..
So 1) Is the pem file I downloaded, the correct cert file for the
site, and 2) Is the ca-bundle.crt file the correct file to append the
data to/in. Or is there some different file that I should be doing the
insertion of the downloaded pem/cert data.
Once all of this works, I'll place this in stackoverflow for others!
On Fri, Nov 1, 2013 at 11:15 AM, Chris Adams <linux(a)cmadams.net> wrote:
Once upon a time, bruce <badouglas(a)gmail.com> said:
> trying to do a simple curl for the college site
> curl -A "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:22.214.171.124)
> Gecko/2009061118 Fedora/3.0.11-1.fc9 Firefox/3.0.11" -L
They have a VeriSign-signed SSL cert, but they probably didn't follow
the directions and install the intermediate cert correctly (it might
work in Firefox because it includes more CA certs). Only the server
admins for isiscc.smc.edu
can fix that.
Until they get it fixed, you can bypass cert validation with the
"--insecure" option to curl or the "--no-check-certificate" option
wget. It isn't recommended because it defeats the purpose of SSL.
Chris Adams <linux(a)cmadams.net>
users mailing list
To unsubscribe or change subscription options:
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Have a question? Ask away: http://ask.fedoraproject.org