Menu
I'm trying to update rvm on a Debian server :
rvm get stable
but I got the folowing error :
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here : http://curl.haxx.se/docs/sslcerts.html
I installed this servers about 5 month ago and everything was working fine, but it seems that something changed on the certificate of https://rvm.io
So I managed to download a new bundle certificate (cacert.pem in my user directory) :
wget http://curl.haxx.se/ca/cacert.pem
And try a different command as the official doc says, but with a option for the certificate file to use :
\curl --cacert ./cacert.pem -L https://get.rvm.io | bash -s stable # update to stable
Things moved a bit forward. Unfortunately later on, rvm run again curl during the install process and I got again the same error.
So I was wondering where to put my cacert.pem file to replace theone used by cURL ?
I tried as well other technics : creating a .curlrc file containing cacert = ~/cacert.pem but I got an error : CAfile: cacert.pem CApath: /etc/ssl/certs
So I tried to copy my cacert.pem in /usr/share/ca-certificates/cacert.org and made a sym link in /etc/ssl/certs that point to /usr/share/ca-certificates/cacert.org/cacert.pem
But, when I
rvm get stable
I got the error :
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here : http://curl.haxx.se/docs/sslcerts.html
I also tried this below, without different result though :
sudo update-ca-certificates -f
So I am wondering where to put my cacert.pem file ?
416
Download and save the self-signed certificate. Tell the Curl client about it with --cacert [file] command-line switch. This parameter tells the Curl to use the specified certificate file to verify the peer. The [file] may contain multiple CA certificates and must be in PEM format.
If you are using the curl command line tool on Windows, curl will search for a CA cert file named "curl-ca-bundle. crt" in these directories and in this order: application's directory. current working directory.
Ok, I managed to make it works, but I'm not very happy with my solution.
First mistake I was making is that the instruction in the .curlrc file was incorrect. We should use this file the same way we specify options to the "curl" command. So I removed the "equal sign" :
cacert /home/user_me/cacert.pem
With this I was able to make the first part of the command to work :
\curl -L https://get.rvm.io | bash -s stable
The bash part was still failing because rvm was using curl again in root mode.
So I copied my .curlrc file as well into the /root folder.
And it worked ! I could even call the standard rvm command :
rvm get stable
But this is a bit tricky, and I would prefer that curl use my cacert.pem file without all those .curlrc files.
Googling more, I found some usefull information here and here. The first reference has a little mistake : When I read the man page of "sudo update-ca-certificates --fresh" command, I realized the guy was puting his file at wrong place.
You have to put your certificate into /usr/share/ca-certificates folder instead of /usr/local/share/ca-certificates , and then append a line for your certificate into the configuration file /etc/ca-certificates.conf (e.g., “my_ca.crt“). Then you may run your "sudo update-ca-certificates --fresh" command.
Note : If you copy your certificate to the /usr/local/share/ca-certificates instead, then you don't need anymore to modify the /etc/ca-certificates.conf configuration file nor run the "sudo update-ca-certificates --fresh" command.
However in my case, for the first solution (/usr/share/ca-certificates) I got an error when I ran the "sudo update-ca-certificates --fresh" command. As second solution, I tried just to put my certificate into /usr/local/share/ca-certificates. But it didn't work.
So I gave up and I kept my two .curlrc files.
So if anybody could point what I was doing wrong, I would be very grateful.
181
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With