Additions:
For example all VeriSign SSL and Code Signing products enrolled after October 10, 2010 require this new [[https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=AR1553 VeriSign Root CA]] ! So download it and save it as rootca.crt
$ curl --cacert rootca.crt "https://example.com/"
# openssl x509 -inform PEM -in rootca.crt -out rootca.pem -text
# cat rootca.pem >> /etc/pki/tls/certs/ca-bundle.crt
$ curl --cacert rootca.crt "https://example.com/"
# openssl x509 -inform PEM -in rootca.crt -out rootca.pem -text
# cat rootca.pem >> /etc/pki/tls/certs/ca-bundle.crt
Deletions:
$ curl --cacert verisign.crt "https://example.com/"
# openssl x509 -inform PEM -in verisign.crt -out verisign.pem -text
# cat verisign.pem >> /etc/pki/tls/certs/ca-bundle.crt
Additions:
first convert it from crt to PEM and then append it to your ca bundle crt file
# cat verisign.pem >> /etc/pki/tls/certs/ca-bundle.crt
# cat verisign.pem >> /etc/pki/tls/certs/ca-bundle.crt
Deletions:
# cat verisign.pem >> /etc/pki/tls/certs
Additions:
or howto update apache httpd root ca certificates !
Additions:
http://curl.haxx.se/docs/caextract.html
=====apache httpd errors=====
if you dont have the correct/latest root ca certs installed then apache httpd could give you the following errors when using php curl
SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:
SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
=====Check your curl root ca certs=====
=====So check your curl version=====
=====Or get a better/newer/updated PEM ca bundle =====
that includes the latest root ca certs from http://curl.haxx.se/docs/caextract.html and copy it to /etc/pki/tls/certs/ca-bundle.crt
=====apache httpd errors=====
if you dont have the correct/latest root ca certs installed then apache httpd could give you the following errors when using php curl
SSL certificate problem, verify that the CA cert is OK.
Details:
error:14090086:
SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
=====Check your curl root ca certs=====
=====So check your curl version=====
=====Or get a better/newer/updated PEM ca bundle =====
that includes the latest root ca certs from http://curl.haxx.se/docs/caextract.html and copy it to /etc/pki/tls/certs/ca-bundle.crt
Deletions:
=====Check your curl version=====
=====Or get a better/newer/updated PEM ca bundle that includes the latest root ca certs=====
from http://curl.haxx.se/docs/caextract.html and copy it to /etc/pki/tls/certs/ca-bundle.crt
