Using RHEL/AL2, `curl` works when I use the `--cacert` param, but fails without

Question

Using RHEL/AL2, curl works when I use the --cacert param, but fails without

When I try to connect to a server I get an error curl: (60) SSL certificate problem: unable to get local issuer certificate.

However when I provide the cert itself from /etc/ssl/certs via --cacert the problem goes away.

I'm not too familiar with certificates but I'd imagine how curl pulls the cert for a specific server is somehow not right.

Any ideas?

Which cert do you provide from /etc/ssl/certs? – Ginnungagap Oct 25 '23 at 04:38 — Ginnungagap, Oct 25 '23 at 04:38
an internal cert for my company – Ben Arnao Oct 25 '23 at 16:09 — Ben Arnao, Oct 25 '23 at 16:09

score 0 · Answer 1 · answered Oct 29 '23 at 15:24

In order to be able to use Self-Signed Certificates and to let OS tools validate chain

Place the certificate under /etc/pki/ca-trust/source/anchors/
Update the trust via /bin/update-ca-trust extract
Additionally, if Java is installed on the system, place a symlink to /etc/pki/ca-trust/extracted/java/cacerts

Further Readings

1 Answers1