Mdthbs

Should I "tell" my exposition or give it through dialogue?

Movie where a boy is transported into the future by an alien spaceship

Does the "6 seconds per round" rule apply to speaking/roleplaying during combat situations?

How to pass a regex when finding a directory path in bash?

Who operates delivery flights for commercial airlines?

Through what methods and mechanisms can a multi-material FDM printer operate?

Is it possible to trip with natural weapon?

Why is the relationship between frequency and pitch exponential?

Avoiding cliches when writing gods

Why did a party with more votes get fewer seats in the 2019 European Parliament election in Denmark?

What is the advantage of carrying a tripod and ND-filters when you could use image stacking instead?

Is it legal in the UK for politicians to lie to the public for political gain?

How were concentration and extermination camp guards recruited?

Did Darth Vader wear the same suit for 20+ years?

OOP demonstration in C++17 using a Pokémon

What is the traditional way of earning a doctorate in Germany?

C SIGINT signal in Linux

What do we gain with higher order logics?

On the Twin Paradox Again

How to skip replacing first occurrence of a character in each line?

Can a 2nd-level sorcerer use sorcery points to create a 2nd-level spell slot?

Implement Homestuck's Catenative Doomsday Dice Cascader

Do manufacturers try make their components as close to ideal ones as possible?

Why don’t airliners have temporary liveries?

Curl not returning response

Adding certificates to trusted CA on FedoracURL and Iceweasel disagree about TLS certificate validity, despite same CATrying to install Puppet Enterprise on Linux 7 and getting Certification errorHow do I find the ultimate CA cert in a 'valid' certificateAll TLS requests giving Peer's certificate issuer has been marked as not trusted by the userUsing curl with certificates on Ubuntu 16.04Unable to use curl with cookie-jarAdd LDAP server certificate to trusted list and enable certificate verificationWhat is the purpose of “use curl --cookie with a file that doesn't exist”?What HTTP request and response headers do `curl --cert` and `curl --cacert` read and write?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

0

I have a scenario where I was using curl --noproxy "*" https://.. to get the response but suddenly when I use it now it doesn't return me the response instead it says

curl: (60) Peer certificate cannot be authenticated with known CA certificates

More details here: http://curl.haxx.se/docs/sslcerts.html

now when I use curl -k https:// it gives me response.
I am not sure what went wrong and what could be the cause for this.

Any idea how to not use curl -k insecure option ?

linux curl proxy certificates

share|improve this question

edited Feb 28 '18 at 12:03

Jeff Schaller♦

46.2k1166150

asked Feb 28 '18 at 11:52

vanishkavanishka

11

bumped to the homepage by Community♦ 1 hour ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

0

I have a scenario where I was using curl --noproxy "*" https://.. to get the response but suddenly when I use it now it doesn't return me the response instead it says

curl: (60) Peer certificate cannot be authenticated with known CA certificates

More details here: http://curl.haxx.se/docs/sslcerts.html

now when I use curl -k https:// it gives me response.
I am not sure what went wrong and what could be the cause for this.

Any idea how to not use curl -k insecure option ?

linux curl proxy certificates

share|improve this question

edited Feb 28 '18 at 12:03

Jeff Schaller♦

46.2k1166150

asked Feb 28 '18 at 11:52

vanishkavanishka

11

bumped to the homepage by Community♦ 1 hour ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

add a comment | 

I have a scenario where I was using curl --noproxy "*" https://.. to get the response but suddenly when I use it now it doesn't return me the response instead it says

curl: (60) Peer certificate cannot be authenticated with known CA certificates

More details here: http://curl.haxx.se/docs/sslcerts.html

now when I use curl -k https:// it gives me response.
I am not sure what went wrong and what could be the cause for this.

Any idea how to not use curl -k insecure option ?

linux curl proxy certificates

share|improve this question

edited Feb 28 '18 at 12:03

Jeff Schaller♦

46.2k1166150

asked Feb 28 '18 at 11:52

vanishkavanishka

11

curl: (60) Peer certificate cannot be authenticated with known CA certificates

More details here: http://curl.haxx.se/docs/sslcerts.html

share|improve this question

edited Feb 28 '18 at 12:03

Jeff Schaller♦

46.2k1166150

asked Feb 28 '18 at 11:52

vanishkavanishka

11

share|improve this question

edited Feb 28 '18 at 12:03

Jeff Schaller♦

46.2k1166150

asked Feb 28 '18 at 11:52

vanishkavanishka

11

edited Feb 28 '18 at 12:03

Jeff Schaller♦

46.2k1166150

edited Feb 28 '18 at 12:03

Jeff Schaller♦

46.2k1166150

asked Feb 28 '18 at 11:52

vanishkavanishka

11

asked Feb 28 '18 at 11:52

vanishkavanishka

11

2 Answers
2

active

oldest

votes

0

You can load a valid certificate for the site you are trying to connect to with the --cacert /path/to/crt/file. The -k option is usually used for self-signed certs, although I always try and use --cacert.

share|improve this answer

edited Mar 2 '18 at 9:02

terdon♦

136k33276457

answered Feb 28 '18 at 12:07

pm1391pm1391

1013

add a comment | 

0

If this happened recently, maybe the remote certificate was signed by an authority not present in your certificate store. If you have no doubt about remote site being legitimate, -k is an option. However:

• you can try to update your system to refresh ca-certificates package


• 
  

  you can get information about certificates using openssl s_client which has many options to debug SSL things.

  
  
  

  ex:
  $ openssl s_client -connect google.com:443

  
  
  
  
  
  • Also: you cant get additional detail on certificates by extending the command like this:
  
  
  
  

  $ openssl s_client -connect google.com:443 | openssl x509 -noout -text

  
  

which includes validity dates, for example :

... Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 5230064140940427690 (0x4894eba0494341aa)

    Signature Algorithm: sha256WithRSAEncryption

        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2

        Validity

            Not Before: Feb 13 10:55:29 2018 GMT

            Not After : May  8 10:40:00 2018 GMT

        Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (2048 bit)

                Modulus:

                    00:d7:14:f9:54:c2:48:c4:4c:be:22:b1:59:23:79:

      ... 

share|improve this answer

edited Mar 2 '18 at 11:56

answered Feb 28 '18 at 12:22

tonioctonioc

1,30979

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  is this anything related to user ? I had created a different user and assigned root permissions
  
  – vanishka
  Feb 28 '18 at 12:29
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  no, the ca-certificates are usually globally accessible. However, if it wroked with another user, you should try again with that. And if so look for differences in environment.
  
  – tonioc
  Feb 28 '18 at 12:36
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  okay , thanks for the explanation. two questions now, 1. if I use curl -k is there any harm is this insecure ? 2. I remember I had created a user then assigned root permissions to it then in root profile i had exported the proxy settings (when ever I do sudo su root it redirects me to my home) now few days back I created a new user and assigned root permissions to it is there any relation that I should del that user ?
  
  – vanishka
  Feb 28 '18 at 13:22
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  1. "-k" option : this option prevents remote certificate from being verified. As a consequence, you are never sure the communication is actually going to the server you think it goes.
  
  – tonioc
  Feb 28 '18 at 16:54
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  2. I don't think these are linked. What is the result of openssl s_client -connect <yoursite>:443 ?
  
  – tonioc
  Feb 28 '18 at 16:55
  

  
  
  
  

 | 
show 6 more comments

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f427177%2fcurl-not-returning-response%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

You can load a valid certificate for the site you are trying to connect to with the --cacert /path/to/crt/file. The -k option is usually used for self-signed certs, although I always try and use --cacert.

share|improve this answer

edited Mar 2 '18 at 9:02

terdon♦

136k33276457

answered Feb 28 '18 at 12:07

pm1391pm1391

1013

add a comment | 

0

You can load a valid certificate for the site you are trying to connect to with the --cacert /path/to/crt/file. The -k option is usually used for self-signed certs, although I always try and use --cacert.

share|improve this answer

edited Mar 2 '18 at 9:02

terdon♦

136k33276457

answered Feb 28 '18 at 12:07

pm1391pm1391

1013

add a comment | 

You can load a valid certificate for the site you are trying to connect to with the --cacert /path/to/crt/file. The -k option is usually used for self-signed certs, although I always try and use --cacert.

share|improve this answer

edited Mar 2 '18 at 9:02

terdon♦

136k33276457

answered Feb 28 '18 at 12:07

pm1391pm1391

1013

share|improve this answer

edited Mar 2 '18 at 9:02

terdon♦

136k33276457

answered Feb 28 '18 at 12:07

pm1391pm1391

1013

edited Mar 2 '18 at 9:02

terdon♦

136k33276457

edited Mar 2 '18 at 9:02

terdon♦

136k33276457

answered Feb 28 '18 at 12:07

pm1391pm1391

1013

answered Feb 28 '18 at 12:07

pm1391pm1391

1013

0

If this happened recently, maybe the remote certificate was signed by an authority not present in your certificate store. If you have no doubt about remote site being legitimate, -k is an option. However:

• you can try to update your system to refresh ca-certificates package


• 
  

  you can get information about certificates using openssl s_client which has many options to debug SSL things.

  
  
  

  ex:
  $ openssl s_client -connect google.com:443

  
  
  
  
  
  • Also: you cant get additional detail on certificates by extending the command like this:
  
  
  
  

  $ openssl s_client -connect google.com:443 | openssl x509 -noout -text

  
  

which includes validity dates, for example :

... Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 5230064140940427690 (0x4894eba0494341aa)

    Signature Algorithm: sha256WithRSAEncryption

        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2

        Validity

            Not Before: Feb 13 10:55:29 2018 GMT

            Not After : May  8 10:40:00 2018 GMT

        Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (2048 bit)

                Modulus:

                    00:d7:14:f9:54:c2:48:c4:4c:be:22:b1:59:23:79:

      ... 

share|improve this answer

edited Mar 2 '18 at 11:56

answered Feb 28 '18 at 12:22

tonioctonioc

1,30979

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  is this anything related to user ? I had created a different user and assigned root permissions
  
  – vanishka
  Feb 28 '18 at 12:29
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  no, the ca-certificates are usually globally accessible. However, if it wroked with another user, you should try again with that. And if so look for differences in environment.
  
  – tonioc
  Feb 28 '18 at 12:36
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  okay , thanks for the explanation. two questions now, 1. if I use curl -k is there any harm is this insecure ? 2. I remember I had created a user then assigned root permissions to it then in root profile i had exported the proxy settings (when ever I do sudo su root it redirects me to my home) now few days back I created a new user and assigned root permissions to it is there any relation that I should del that user ?
  
  – vanishka
  Feb 28 '18 at 13:22
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  1. "-k" option : this option prevents remote certificate from being verified. As a consequence, you are never sure the communication is actually going to the server you think it goes.
  
  – tonioc
  Feb 28 '18 at 16:54
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  2. I don't think these are linked. What is the result of openssl s_client -connect <yoursite>:443 ?
  
  – tonioc
  Feb 28 '18 at 16:55
  

  
  
  
  

 | 
show 6 more comments

0

If this happened recently, maybe the remote certificate was signed by an authority not present in your certificate store. If you have no doubt about remote site being legitimate, -k is an option. However:

• you can try to update your system to refresh ca-certificates package


• 
  

  you can get information about certificates using openssl s_client which has many options to debug SSL things.

  
  
  

  ex:
  $ openssl s_client -connect google.com:443

  
  
  
  
  
  • Also: you cant get additional detail on certificates by extending the command like this:
  
  
  
  

  $ openssl s_client -connect google.com:443 | openssl x509 -noout -text

  
  

which includes validity dates, for example :

... Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 5230064140940427690 (0x4894eba0494341aa)

    Signature Algorithm: sha256WithRSAEncryption

        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2

        Validity

            Not Before: Feb 13 10:55:29 2018 GMT

            Not After : May  8 10:40:00 2018 GMT

        Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (2048 bit)

                Modulus:

                    00:d7:14:f9:54:c2:48:c4:4c:be:22:b1:59:23:79:

      ... 

share|improve this answer

edited Mar 2 '18 at 11:56

answered Feb 28 '18 at 12:22

tonioctonioc

1,30979

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  is this anything related to user ? I had created a different user and assigned root permissions
  
  – vanishka
  Feb 28 '18 at 12:29
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  no, the ca-certificates are usually globally accessible. However, if it wroked with another user, you should try again with that. And if so look for differences in environment.
  
  – tonioc
  Feb 28 '18 at 12:36
  
  
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  okay , thanks for the explanation. two questions now, 1. if I use curl -k is there any harm is this insecure ? 2. I remember I had created a user then assigned root permissions to it then in root profile i had exported the proxy settings (when ever I do sudo su root it redirects me to my home) now few days back I created a new user and assigned root permissions to it is there any relation that I should del that user ?
  
  – vanishka
  Feb 28 '18 at 13:22
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  1. "-k" option : this option prevents remote certificate from being verified. As a consequence, you are never sure the communication is actually going to the server you think it goes.
  
  – tonioc
  Feb 28 '18 at 16:54
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  2. I don't think these are linked. What is the result of openssl s_client -connect <yoursite>:443 ?
  
  – tonioc
  Feb 28 '18 at 16:55
  

  
  
  
  

 | 
show 6 more comments

If this happened recently, maybe the remote certificate was signed by an authority not present in your certificate store. If you have no doubt about remote site being legitimate, -k is an option. However:

• you can try to update your system to refresh ca-certificates package


• 
  

  you can get information about certificates using openssl s_client which has many options to debug SSL things.

  
  
  

  ex:
  $ openssl s_client -connect google.com:443

  
  
  
  
  
  • Also: you cant get additional detail on certificates by extending the command like this:
  
  
  
  

  $ openssl s_client -connect google.com:443 | openssl x509 -noout -text

  
  

which includes validity dates, for example :

... Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 5230064140940427690 (0x4894eba0494341aa)

    Signature Algorithm: sha256WithRSAEncryption

        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2

        Validity

            Not Before: Feb 13 10:55:29 2018 GMT

            Not After : May  8 10:40:00 2018 GMT

        Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (2048 bit)

                Modulus:

                    00:d7:14:f9:54:c2:48:c4:4c:be:22:b1:59:23:79:

      ... 

share|improve this answer

edited Mar 2 '18 at 11:56

answered Feb 28 '18 at 12:22

tonioctonioc

1,30979

... Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number: 5230064140940427690 (0x4894eba0494341aa)

    Signature Algorithm: sha256WithRSAEncryption

        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2

        Validity

            Not Before: Feb 13 10:55:29 2018 GMT

            Not After : May  8 10:40:00 2018 GMT

        Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com

        Subject Public Key Info:

            Public Key Algorithm: rsaEncryption

                Public-Key: (2048 bit)

                Modulus:

                    00:d7:14:f9:54:c2:48:c4:4c:be:22:b1:59:23:79:

      ... 

share|improve this answer

edited Mar 2 '18 at 11:56

answered Feb 28 '18 at 12:22

tonioctonioc

1,30979

answered Feb 28 '18 at 12:22

tonioctonioc

1,30979

answered Feb 28 '18 at 12:22

tonioctonioc

1,30979