Skip navigation.
Home

curl: (60) SSL certificate problem, verify that the CA cert is OK.

When using curl (or libcurl) to retrieve a document from an https-source, the following error occurs:

# curl https://some.url.com/
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The error is shown because the CA-certificate cannot be found in the local CA-certiciate store that curl uses.

To create a new, up-to-date CA-certificate store, you can use the scripts that come as part of curl itself. This results in a CA-certificate store that contains the CA-certificate as they were selected by the curl-developers.

On a Mac OSX installment, the following steps can be taken:

1) Download and unpack recent CURL-package (i.e. 7.19.6)
2) Use a terminal to enter directory "curl-7.19.6/lib"
3) execute: ./mk-ca-bundle.pl
In my case, the output of the above command was:
Downloading 'certdata.txt' ...
Processing 'certdata.txt' ...
Done (140 CA certs processed).

A new CA-certificate store is created as "ca-bundle.crt" in directory "curl-7.19.6/lib". Install this file as curl-ca-bundle in /usr/share/curl (keeping a local backup of the originally installed version)

4) execute: sudo mv /usr/share/curl/ca-bundle.crt /usr/share/curl/ca-bundle.crt.original
5) execute: sudo mv ca-bundle.crt /usr/share/curl/ca-bundle.crt

The problem should be solved now.