Skip to content

Instantly share code, notes, and snippets.

@olih

olih/curl-ca.md

Created June 23, 2015 10:57
Show Gist options
  • Star 17 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
  • Save olih/a50ce2181a657eefb041 to your computer and use it in GitHub Desktop.
Save olih/a50ce2181a657eefb041 to your computer and use it in GitHub Desktop.
Download ZIP
Curl with custom CA certificates
Raw
curl-ca.md

Using curl with custom CA certificates

This document describes how to use curl with both custom and official CA SSL certificates.

Prerequisite

You would need first to install curl , see http://curl.haxx.se/docs/install.html. Using a package manager such as yum, brew, ... for your platform should be the easiest though.

Example for Mac OS:

brew install curl --with-openssl
brew link curl --force
curl --version

CA directory

Create a CA directory which will contain all your CA certificates in the .pem format (ex: /etc/pki/ssl/ca).

Export a custom CA from the firefox browser

Note that this step is only necessary, if you don't already have your custom CA in pem format.

If you open a SSL protected webpage in the firefox browser:

  • click on the lock on the left of the url
  • Then "more information ..."/Security/"View certificate"/Details/"Export ..."/"X.509 Certificate (PEM)"

Export the .pem file in your CA directory

Get all the officially supported certificate authorities

In you CA directory:

curl http://curl.haxx.se/ca/cacert.pem -o firefox.pem

Merge all your .pem in one

In you CA directory:

cat *.pem > ca-all.pem

Configuring cacert

From now on, you should be able configure curl to use your merged CA:

curl --cacert /etc/pki/ssl/ca/ca-all.pem https://mycustomapi.com

You may prefer to update .curlrc by adding the line:

cacert /etc/pki/ssl/ca/ca-all.pem

References

http://curl.haxx.se/docs/sslcerts.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment