Skip to content

Instantly share code, notes, and snippets.

@olih
Created June 23, 2015 10:57
Show Gist options
  • Save olih/a50ce2181a657eefb041 to your computer and use it in GitHub Desktop.
Save olih/a50ce2181a657eefb041 to your computer and use it in GitHub Desktop.
Curl with custom CA certificates

Using curl with custom CA certificates

This document describes how to use curl with both custom and official CA SSL certificates.

Prerequisite

You would need first to install curl , see http://curl.haxx.se/docs/install.html. Using a package manager such as yum, brew, ... for your platform should be the easiest though.

Example for Mac OS:

brew install curl --with-openssl
brew link curl --force
curl --version

CA directory

Create a CA directory which will contain all your CA certificates in the .pem format (ex: /etc/pki/ssl/ca).

Export a custom CA from the firefox browser

Note that this step is only necessary, if you don't already have your custom CA in pem format.

If you open a SSL protected webpage in the firefox browser:

  • click on the lock on the left of the url
  • Then "more information ..."/Security/"View certificate"/Details/"Export ..."/"X.509 Certificate (PEM)"

Export the .pem file in your CA directory

Get all the officially supported certificate authorities

In you CA directory:

curl http://curl.haxx.se/ca/cacert.pem -o firefox.pem

Merge all your .pem in one

In you CA directory:

cat *.pem > ca-all.pem

Configuring cacert

From now on, you should be able configure curl to use your merged CA:

curl --cacert /etc/pki/ssl/ca/ca-all.pem https://mycustomapi.com

You may prefer to update .curlrc by adding the line:

cacert /etc/pki/ssl/ca/ca-all.pem

References

http://curl.haxx.se/docs/sslcerts.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment