Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

The certificate chain issued by an untrusted authority

I am using the curl terminal and while issuing the following command :-

curl --anyauth --user admin:admin "https://localhost:8000/LATEST/search?q=caesar"

I am getting below alert :-

curl: (77) schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.

Please suggest. I have installed curl in Windows and also downloaded the .pem file and placed it in the same folder.

like image 746
Aviator Avatar asked May 08 '20 09:05

Aviator


People also ask

How do I trust an untrusted certificate?

Navigate to the site with the cert you want to trust, and click through the usual warnings for untrusted certificates. In the address bar, right click on the red warning triangle and "Not secure" message and, from the resulting menu, select "Certificate" to show the certificate.

What is the certificate chain of trust?

The chain of trust of a certificate chain is an ordered list of certificates, containing an end-user subscriber certificate and intermediate certificates (that represents the intermediate CA), that enables the receiver to verify that the sender and all intermediate certificates are trustworthy.

What is certificate chain issue?

SSL Certificates can be trusted on a main browser and function correctly, however, it can still have chain issues. This problem can result in the application failing, especially on mobile devices and other browsers, as the certificate will be deemed untrusted.


1 Answers

If your server has a self-signed cert, then by default curl doesn't know that it can trust that the server is who it says it is, and doesn't want to talk.

You can either:

  • import the cert into your trust store (best and most secure)
  • apply the -k or --insecure switch to ignore and continue. This may be fine for local development.
  • use a real cert, signed by a trusted CA
like image 155
Mads Hansen Avatar answered Sep 16 '22 14:09

Mads Hansen