Hello,
> Using cURL with Linux, I want to make a webservice request to a remote
> server which requires an X509 cert.
> 
> I got a Trial SSL Certificate by Verisign and obtained three files which I
> copied into my machine (client):
> - ssl.key (private key, generated by my server)
> - verisign.crt (SSL certificate by Verisign)
> - verisign-ca.crt (Intermediate and Root Trial CA by Verisign)
> This last file was obtained from:
> 
> http://www.verisign.com/support/verisign-intermediate-ca/trial-secure-server-intermediate/index.html
> 
> http://www.verisign.com/support/verisign-intermediate-ca/Trial_Secure_Server_Root/index.html
> 
> I tried with:
> 
> []# curl -d "firstName=John&lastName=Smith" -G -v --key ssl.key --cert
> verisign.crt --cacert verisign-ca.crt https://www.domain.com/webservice.asp
> 
> But I got this error message:
> --------
> * SSL certificate problem, verify that the CA cert is OK. Details:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed
> * Closing connection #0
> curl: (60) SSL certificate problem, verify that the CA cert is OK.
> Details:
> error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> verify failed
> More details here: http://curl.haxx.se/docs/sslcerts.html
> ----------
> 
> Must I send VeriSign Intermediate and Root CA certificates to webservice
> server so that they install it? 
> Must I use only certificates generated by the same CA which use this
> webservice server?

This means that your client is unable to verify your server
certificate.
In other words, the client does not have enough information (CA certs)
to verify the certificate sent by the server.
You may check this with:
  $ openssl verify -CAfile verisign-ca.crt server_cert.pem
You should get OK; if not, you must check your certificate's issuer
and the CA cert's subject (and intermediate certs, if any exist).

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
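
The check suggested in the reply, as an added example that is not part of the original message: it builds a constructed throwaway chain (root, intermediate, server) and runs `openssl verify` against three different `-CAfile` contents, then compares issuer and subject names. All subjects and file names are made up here, apart from `server_cert.pem`, which reuses the name from the reply.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI (root -> intermediate -> server).
# Subjects and file names are assumptions made for this demo.
set -e
W=$(mktemp -d)

# new_key_csr NAME CN: fresh RSA key plus certificate request
new_key_csr() {
  openssl req -newkey rsa:2048 -nodes -keyout "$W/$1.key" \
    -out "$W/$1.csr" -subj "/CN=$2" 2>/dev/null
}

make_chain() {
  # Self-signed root CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$W/root.key" -out "$W/root.crt" 2>/dev/null
  # Intermediate CA, signed by the root; must carry CA:TRUE
  new_key_csr int "Demo Intermediate CA"
  echo "basicConstraints=critical,CA:TRUE" > "$W/ca.ext"
  openssl x509 -req -in "$W/int.csr" -CA "$W/root.crt" -CAkey "$W/root.key" \
    -CAcreateserial -extfile "$W/ca.ext" -days 2 -out "$W/int.crt" 2>/dev/null
  # Server certificate, signed by the intermediate
  new_key_csr srv "www.example.test"
  openssl x509 -req -in "$W/srv.csr" -CA "$W/int.crt" -CAkey "$W/int.key" \
    -CAcreateserial -days 2 -out "$W/server_cert.pem" 2>/dev/null
  # Bundle holding intermediate + root in one file, like verisign-ca.crt
  cat "$W/int.crt" "$W/root.crt" > "$W/chain-ca.crt"
}

# verifies CAFILE CERT: true only when openssl verify reports OK
verifies() { openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; }

# Issuer / subject name with the "issuer=" / "subject=" label stripped
issuer_of()  { openssl x509 -noout -issuer  -in "$1" | sed 's/^issuer= *//'; }
subject_of() { openssl x509 -noout -subject -in "$1" | sed 's/^subject= *//'; }

make_chain
for ca in root.crt int.crt chain-ca.crt; do
  if verifies "$W/$ca" "$W/server_cert.pem"; then r=OK; else r=FAIL; fi
  echo "-CAfile $ca: $r"
done
echo "server issuer:        $(issuer_of "$W/server_cert.pem")"
echo "intermediate subject: $(subject_of "$W/int.crt")"
```

Only the bundle that holds both the intermediate and the root verifies; each link in the chain is found by matching a certificate's issuer name against the subject name of the next CA certificate.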
