Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

curl: (60) Peer's Certificate issuer is not recognized.

Tags:

curl

https

.net-core

I am trying to install the .net Core SDK 2.0.0 on Centos 7 following the directions in ".NET Tutorial - Hello World in 5 minutes".

When I ran the first command

sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc

I got this error:

curl: (60) Peer's Certificate issuer is not recognized.
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
error: https://packages.microsoft.com/keys/microsoft.asc: import read failed(2)

I am behind a corporate proxy, and it seems this error is related to SSL certificate and curl, but I don't know how to fix it.

Also, I get a similar error when I use curl or wget to download the HTTPS URL.

like image 716
user3025127 Avatar asked Dec 06 '17 14:12

user3025127

Video Answer

3 Answers

I had the same issue and then just temporary turned off SSL check and installed the packages. But please be warned that this is bypassing a security measure so use with caution.

sudo vi /etc/yum.conf

And then on the editor just add the following line

sslverify=false
like image 197
Chandima Jayawickrema Avatar answered Oct 10 '22 19:10

Chandima Jayawickrema

Finally fixed it. Posting the answer here as reference.

  • Get a copy of the company trusted root certificate
  • If it's not in PEM format, convert it. (e.g. for DER run openssl x509 -in xxx.cer -inform der -outform pem -out xxx.pem)
  • Install the ca-certificates package: yum install ca-certificates
  • Enable the dynamic CA configuration feature: update-ca-trust force-enable
  • Place the root certificate in /etc/pki/ca-trust/source/anchors/
  • Run update-ca-trust extract to add the root to the system's trusted certificates

References:

https://support.ssl.com/Knowledgebase/Article/View/19/0/der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-convert-them

http://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html

like image 26
user3025127 Avatar answered Oct 10 '22 20:10

user3025127

Check if your server has valid proxy settings.

like image 1
maureenCindy Avatar answered Oct 10 '22 21:10

maureenCindy
Sign in to Comment

Related questions

Get both the headers and the body of a curl response in two separated variables?
Upload video on Youtube using curl and api v3
script to download file from Amazon S3 bucket
powershell curl and WebRequest both follow redirects
PHP CURL - cURL error 35: error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature type
Receiving gzip with Flask
curl command a gzipped POST body to an apache server
Execute Bash script remotely via cURL
How do I CURL www.google.com - it keeps redirecting me to .co.uk
Stream response from CURL request without waiting for it to finish
Get Content-Type from cURL
How to hit the WebSocket Endpoint?
Passing client certificates through Curl request using Guzzle
The certificate chain issued by an untrusted authority
Nexus artifact download using CURL
PHP Curl Request returning HTTP Error 411: The request must be chunked or have a content length
PHP: upload file from one server to another server
Saving a curl response into a php variable
Using Environment Variables in cURL Command - Unix
PHP: Check if URL redirects?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!