SSL Certificates - OS X Mavericks

Question

I am trying to connect to application on localhost which uses SSL. I am using Mac OS X Mavericks. The error I am getting is following:

Error sending cURL get request to https://dev.site.com:5555/version  
Error code: 60 Error msg: SSL certificate problem: Invalid certificate chain

I tried to add certificates to the chain:

/usr/bin/security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" /etc/path/ca_key.pem 

Still getting the same error.

Answer 1

The option --with-openssl no longer works as of https://github.com/Homebrew/homebrew-core/pull/36263

Just install curl-openssl instead of curl.

$ brew install curl-openssl

$ /usr/local/opt/curl-openssl/bin/curl --version
curl 7.64.1 (x86_64-apple-darwin18.2.0) libcurl/7.64.1 OpenSSL/1.0.2r zlib/1.2.11 brotli/1.0.7 c-ares/1.15.0 libssh2/1.8.2 nghttp2/1.38.0 librtmp/2.3
Release-Date: 2019-03-27
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets

Answer 2

In some cases will be better to use standard curl (eg if you develop on Mac code for Linux or *BSD). In this case you can do like that:

1. Install Homebrew

2. Install curl with standard certificates support (no more Keychain certs).

   brew install curl --with-openssl && brew link curl --force

3. Install root CA certs from http://curl.haxx.se/ca/cacert.pem into /usr/local/etc/openssl/certs/cacert.pem

4. Add into your ~/.bash_profile

   export CURL_CA_BUNDLE=/usr/local/etc/openssl/certs/cacert.pem

5. After 4 steps you can use curl with certificates from file, not from Keychain.