curl

or how to update Apache httpd root CA certificates

Apache httpd errors

If you don't have the correct/latest root CA certs installed, Apache httpd can give you the following error when using PHP curl:
SSL certificate problem, verify that the CA cert is OK. 
Details:
error:14090086:
SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


Check your curl root CA certs

Note that even root CA certificates can expire and need updating, typically every 10 years or so. http://curl.haxx.se/docs/sslcerts.html says that "until 7.18.0, curl bundled a severely outdated ca bundle file that was installed by default. These days, the curl archives include no ca certs at all."

So check your curl version.

Different distros ship different versions of curl: for example, CentOS 5 includes curl 7.15.5 and Ed/X/Ubuntu 10.x includes curl 7.19.7.

Download the latest root CA cert

For example, all VeriSign SSL and Code Signing products enrolled after October 10, 2010 require this new VeriSign Root CA. Download it and save it as rootca.crt.

Reference the new root CA manually

Use the --cacert option:
$ curl --cacert rootca.crt "https://example.com/"


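Append the updated root CA cert to your CA bundle

http://curl.haxx.se/docs/sslcerts.html

First convert it from crt to PEM, then append it to your CA bundle crt file. The command below reads rootca.crt as PEM (-inform PEM); if the downloaded file is DER-encoded, use -inform DER instead.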
# openssl x509 -inform PEM -in rootca.crt -out rootca.pem -text
# cat rootca.pem >> /etc/pki/tls/certs/ca-bundle.crt
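
Anything appended to the bundle becomes a trust anchor for every curl/PHP request on the host, so it is worth vetting the file first. The following is an added example, not part of the original page: it checks that rootca.crt is a parseable, unexpired, self-signed PEM certificate, backs up the bundle, and appends the certificate only if the bundle does not already contain it. The function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; function names are assumptions, not from the original page.
# Usage: add_root_ca rootca.crt /etc/pki/tls/certs/ca-bundle.crt

# SHA-256 fingerprint of the PEM certificate read from stdin.
fingerprint() {
    openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Returns 0 only for a parseable, unexpired, self-signed PEM certificate.
check_root_ca() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 1             # not PEM x509
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 2  # expired
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] || return 3   # not self-signed
}

# Returns 0 if the bundle ($2) already holds the certificate in $1.
bundle_has() {
    want=$(fingerprint < "$1"); pem=
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *"BEGIN CERTIFICATE"*) pem=$line ;;
            *"END CERTIFICATE"*)
                got=$(printf '%s\n%s\n' "$pem" "$line" | fingerprint 2>/dev/null)
                [ "$got" = "$want" ] && return 0
                pem= ;;
            *)  # collect base64 lines only while inside a certificate
                if [ -n "$pem" ]; then pem="$pem
$line"; fi ;;
        esac
    done < "$2"
    return 1
}

# Vet the certificate, back up the bundle, then append exactly once.
add_root_ca() {
    cert=$1; bundle=$2
    check_root_ca "$cert" || { echo "rejected: $cert (code $?)" >&2; return 1; }
    if bundle_has "$cert" "$bundle"; then
        echo "already in bundle: $cert"; return 0
    fi
    cp -p "$bundle" "$bundle.bak" || return 1
    openssl x509 -in "$cert" -text >> "$bundle"
}
```

Compare the fingerprint printed by `fingerprint < rootca.crt` with the value the CA publishes before running add_root_ca; the checks above confirm the file's form, not its origin.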


Or get a better/newer/updated PEM CA bundle

Get one that includes the latest root CA certs from http://curl.haxx.se/docs/caextract.html and copy it to /etc/pki/tls/certs/ca-bundle.crt

