Curl not returning response
I have a scenario where I was using curl --noproxy "*" https://.. to get the response but suddenly when I use it now it doesn't return me the response instead it says
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html
now when I use curl -k https:// it gives me response.
I am not sure what went wrong and what could be the cause for this.
Any idea how to not use curl -k insecure option ?
linux curl proxy certificates
edited Feb 28 '18 at 12:03
Jeff Schaller
40.6k1054129
asked Feb 28 '18 at 11:52
vanishkavanishka
11
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I have a scenario where I was using curl --noproxy "*" https://.. to get the response but suddenly when I use it now it doesn't return me the response instead it says
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html
now when I use curl -k https:// it gives me response.
I am not sure what went wrong and what could be the cause for this.
Any idea how to not use curl -k insecure option ?
linux curl proxy certificates
edited Feb 28 '18 at 12:03
Jeff Schaller
40.6k1054129
asked Feb 28 '18 at 11:52
vanishkavanishka
11
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
I have a scenario where I was using curl --noproxy "*" https://.. to get the response but suddenly when I use it now it doesn't return me the response instead it says
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html
now when I use curl -k https:// it gives me response.
I am not sure what went wrong and what could be the cause for this.
Any idea how to not use curl -k insecure option ?
linux curl proxy certificates
edited Feb 28 '18 at 12:03
Jeff Schaller
40.6k1054129
asked Feb 28 '18 at 11:52
vanishkavanishka
11
I have a scenario where I was using curl --noproxy "*" https://.. to get the response but suddenly when I use it now it doesn't return me the response instead it says
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html
now when I use curl -k https:// it gives me response.
I am not sure what went wrong and what could be the cause for this.
Any idea how to not use curl -k insecure option ?
linux curl proxy certificates
linux curl proxy certificates
edited Feb 28 '18 at 12:03
Jeff Schaller
40.6k1054129
asked Feb 28 '18 at 11:52
vanishkavanishka
11
edited Feb 28 '18 at 12:03
Jeff Schaller
40.6k1054129
asked Feb 28 '18 at 11:52
vanishkavanishka
11
edited Feb 28 '18 at 12:03
Jeff Schaller
40.6k1054129
edited Feb 28 '18 at 12:03
Jeff Schaller
40.6k1054129
edited Feb 28 '18 at 12:03
Jeff Schaller
40.6k1054129
40.6k1054129
asked Feb 28 '18 at 11:52
vanishkavanishka
11
asked Feb 28 '18 at 11:52
vanishkavanishka
11
asked Feb 28 '18 at 11:52
vanishkavanishka
11
11
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
bumped to the homepage by Community♦ 1 hour ago
This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
You can load a valid certificate for the site you are trying to connect to with the --cacert /path/to/crt/file. The -k option is usually used for self-signed certs, although I always try and use --cacert.
edited Mar 2 '18 at 9:02
terdon♦
130k32254432
answered Feb 28 '18 at 12:07
pm1391pm1391
1013
add a comment |
If this happened recently, maybe the remote certificate was signed by an authority not present in your certificate store. If you have no doubt about remote site being legitimate, -k is an option. However:
- you can try to update your system to refresh ca-certificates package
you can get information about certificates using openssl s_client which has many options to debug SSL things.
ex:
$ openssl s_client -connect google.com:443
- Also: you cant get additional detail on certificates by extending the command like this:
$ openssl s_client -connect google.com:443 | openssl x509 -noout -text
which includes validity dates, for example :
... Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5230064140940427690 (0x4894eba0494341aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Feb 13 10:55:29 2018 GMT
Not After : May 8 10:40:00 2018 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d7:14:f9:54:c2:48:c4:4c:be:22:b1:59:23:79:
...
answered Feb 28 '18 at 12:22
tonioctonioc
1,22468
is this anything related to user ? I had created a different user and assigned root permissions
– vanishka
Feb 28 '18 at 12:29
no, the ca-certificates are usually globally accessible. However, if it wroked with another user, you should try again with that. And if so look for differences in environment.
– tonioc
Feb 28 '18 at 12:36
okay , thanks for the explanation. two questions now, 1. if I use curl -k is there any harm is this insecure ? 2. I remember I had created a user then assigned root permissions to it then in root profile i had exported the proxy settings (when ever I do sudo su root it redirects me to my home) now few days back I created a new user and assigned root permissions to it is there any relation that I should del that user ?
– vanishka
Feb 28 '18 at 13:22
1. "-k" option : this option prevents remote certificate from being verified. As a consequence, you are never sure the communication is actually going to the server you think it goes.
– tonioc
Feb 28 '18 at 16:54
2. I don't think these are linked. What is the result of openssl s_client -connect <yoursite>:443 ?
– tonioc
Feb 28 '18 at 16:55
|
show 6 more comments
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f427177%2fcurl-not-returning-response%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
You can load a valid certificate for the site you are trying to connect to with the --cacert /path/to/crt/file. The -k option is usually used for self-signed certs, although I always try and use --cacert.
edited Mar 2 '18 at 9:02
terdon♦
130k32254432
answered Feb 28 '18 at 12:07
pm1391pm1391
1013
add a comment |
You can load a valid certificate for the site you are trying to connect to with the --cacert /path/to/crt/file. The -k option is usually used for self-signed certs, although I always try and use --cacert.
edited Mar 2 '18 at 9:02
terdon♦
130k32254432
answered Feb 28 '18 at 12:07
pm1391pm1391
1013
add a comment |
You can load a valid certificate for the site you are trying to connect to with the --cacert /path/to/crt/file. The -k option is usually used for self-signed certs, although I always try and use --cacert.
edited Mar 2 '18 at 9:02
terdon♦
130k32254432
answered Feb 28 '18 at 12:07
pm1391pm1391
1013
You can load a valid certificate for the site you are trying to connect to with the --cacert /path/to/crt/file. The -k option is usually used for self-signed certs, although I always try and use --cacert.
edited Mar 2 '18 at 9:02
terdon♦
130k32254432
answered Feb 28 '18 at 12:07
pm1391pm1391
1013
edited Mar 2 '18 at 9:02
terdon♦
130k32254432
edited Mar 2 '18 at 9:02
terdon♦
130k32254432
edited Mar 2 '18 at 9:02
terdon♦
130k32254432
130k32254432
answered Feb 28 '18 at 12:07
pm1391pm1391
1013
answered Feb 28 '18 at 12:07
pm1391pm1391
1013
answered Feb 28 '18 at 12:07
pm1391pm1391
1013
1013
add a comment |
add a comment |
If this happened recently, maybe the remote certificate was signed by an authority not present in your certificate store. If you have no doubt about remote site being legitimate, -k is an option. However:
- you can try to update your system to refresh ca-certificates package
you can get information about certificates using openssl s_client which has many options to debug SSL things.
ex:
$ openssl s_client -connect google.com:443
- Also: you cant get additional detail on certificates by extending the command like this:
$ openssl s_client -connect google.com:443 | openssl x509 -noout -text
which includes validity dates, for example :
... Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5230064140940427690 (0x4894eba0494341aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Feb 13 10:55:29 2018 GMT
Not After : May 8 10:40:00 2018 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d7:14:f9:54:c2:48:c4:4c:be:22:b1:59:23:79:
...
answered Feb 28 '18 at 12:22
tonioctonioc
1,22468
is this anything related to user ? I had created a different user and assigned root permissions
– vanishka
Feb 28 '18 at 12:29
no, the ca-certificates are usually globally accessible. However, if it wroked with another user, you should try again with that. And if so look for differences in environment.
– tonioc
Feb 28 '18 at 12:36
okay , thanks for the explanation. two questions now, 1. if I use curl -k is there any harm is this insecure ? 2. I remember I had created a user then assigned root permissions to it then in root profile i had exported the proxy settings (when ever I do sudo su root it redirects me to my home) now few days back I created a new user and assigned root permissions to it is there any relation that I should del that user ?
– vanishka
Feb 28 '18 at 13:22
1. "-k" option : this option prevents remote certificate from being verified. As a consequence, you are never sure the communication is actually going to the server you think it goes.
– tonioc
Feb 28 '18 at 16:54
2. I don't think these are linked. What is the result of openssl s_client -connect <yoursite>:443 ?
– tonioc
Feb 28 '18 at 16:55
|
show 6 more comments
If this happened recently, maybe the remote certificate was signed by an authority not present in your certificate store. If you have no doubt about remote site being legitimate, -k is an option. However:
- you can try to update your system to refresh ca-certificates package
you can get information about certificates using openssl s_client which has many options to debug SSL things.
ex:
$ openssl s_client -connect google.com:443
- Also: you cant get additional detail on certificates by extending the command like this:
$ openssl s_client -connect google.com:443 | openssl x509 -noout -text
which includes validity dates, for example :
... Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5230064140940427690 (0x4894eba0494341aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Feb 13 10:55:29 2018 GMT
Not After : May 8 10:40:00 2018 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d7:14:f9:54:c2:48:c4:4c:be:22:b1:59:23:79:
...
answered Feb 28 '18 at 12:22
tonioctonioc
1,22468
is this anything related to user ? I had created a different user and assigned root permissions
– vanishka
Feb 28 '18 at 12:29
no, the ca-certificates are usually globally accessible. However, if it wroked with another user, you should try again with that. And if so look for differences in environment.
– tonioc
Feb 28 '18 at 12:36
okay , thanks for the explanation. two questions now, 1. if I use curl -k is there any harm is this insecure ? 2. I remember I had created a user then assigned root permissions to it then in root profile i had exported the proxy settings (when ever I do sudo su root it redirects me to my home) now few days back I created a new user and assigned root permissions to it is there any relation that I should del that user ?
– vanishka
Feb 28 '18 at 13:22
1. "-k" option : this option prevents remote certificate from being verified. As a consequence, you are never sure the communication is actually going to the server you think it goes.
– tonioc
Feb 28 '18 at 16:54
2. I don't think these are linked. What is the result of openssl s_client -connect <yoursite>:443 ?
– tonioc
Feb 28 '18 at 16:55
|
show 6 more comments
If this happened recently, maybe the remote certificate was signed by an authority not present in your certificate store. If you have no doubt about remote site being legitimate, -k is an option. However:
- you can try to update your system to refresh ca-certificates package
you can get information about certificates using openssl s_client which has many options to debug SSL things.
ex:
$ openssl s_client -connect google.com:443
- Also: you cant get additional detail on certificates by extending the command like this:
$ openssl s_client -connect google.com:443 | openssl x509 -noout -text
which includes validity dates, for example :
... Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5230064140940427690 (0x4894eba0494341aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Feb 13 10:55:29 2018 GMT
Not After : May 8 10:40:00 2018 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d7:14:f9:54:c2:48:c4:4c:be:22:b1:59:23:79:
...
answered Feb 28 '18 at 12:22
tonioctonioc
1,22468
If this happened recently, maybe the remote certificate was signed by an authority not present in your certificate store. If you have no doubt about remote site being legitimate, -k is an option. However:
- you can try to update your system to refresh ca-certificates package
you can get information about certificates using openssl s_client which has many options to debug SSL things.
ex:
$ openssl s_client -connect google.com:443
- Also: you cant get additional detail on certificates by extending the command like this:
$ openssl s_client -connect google.com:443 | openssl x509 -noout -text
which includes validity dates, for example :
... Certificate:
Data:
Version: 3 (0x2)
Serial Number: 5230064140940427690 (0x4894eba0494341aa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Feb 13 10:55:29 2018 GMT
Not After : May 8 10:40:00 2018 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d7:14:f9:54:c2:48:c4:4c:be:22:b1:59:23:79:
...
answered Feb 28 '18 at 12:22
tonioctonioc
1,22468
edited Mar 2 '18 at 11:56
answered Feb 28 '18 at 12:22
tonioctonioc
1,22468
answered Feb 28 '18 at 12:22
tonioctonioc
1,22468
answered Feb 28 '18 at 12:22
tonioctonioc
1,22468
1,22468
is this anything related to user ? I had created a different user and assigned root permissions
– vanishka
Feb 28 '18 at 12:29
no, the ca-certificates are usually globally accessible. However, if it wroked with another user, you should try again with that. And if so look for differences in environment.
– tonioc
Feb 28 '18 at 12:36
okay , thanks for the explanation. two questions now, 1. if I use curl -k is there any harm is this insecure ? 2. I remember I had created a user then assigned root permissions to it then in root profile i had exported the proxy settings (when ever I do sudo su root it redirects me to my home) now few days back I created a new user and assigned root permissions to it is there any relation that I should del that user ?
– vanishka
Feb 28 '18 at 13:22
1. "-k" option : this option prevents remote certificate from being verified. As a consequence, you are never sure the communication is actually going to the server you think it goes.
– tonioc
Feb 28 '18 at 16:54
2. I don't think these are linked. What is the result of openssl s_client -connect <yoursite>:443 ?
– tonioc
Feb 28 '18 at 16:55
|
show 6 more comments
is this anything related to user ? I had created a different user and assigned root permissions
– vanishka
Feb 28 '18 at 12:29
no, the ca-certificates are usually globally accessible. However, if it wroked with another user, you should try again with that. And if so look for differences in environment.
– tonioc
Feb 28 '18 at 12:36
okay , thanks for the explanation. two questions now, 1. if I use curl -k is there any harm is this insecure ? 2. I remember I had created a user then assigned root permissions to it then in root profile i had exported the proxy settings (when ever I do sudo su root it redirects me to my home) now few days back I created a new user and assigned root permissions to it is there any relation that I should del that user ?
– vanishka
Feb 28 '18 at 13:22
1. "-k" option : this option prevents remote certificate from being verified. As a consequence, you are never sure the communication is actually going to the server you think it goes.
– tonioc
Feb 28 '18 at 16:54
2. I don't think these are linked. What is the result of openssl s_client -connect <yoursite>:443 ?
– tonioc
Feb 28 '18 at 16:55
is this anything related to user ? I had created a different user and assigned root permissions
– vanishka
Feb 28 '18 at 12:29
is this anything related to user ? I had created a different user and assigned root permissions
– vanishka
Feb 28 '18 at 12:29
no, the ca-certificates are usually globally accessible. However, if it wroked with another user, you should try again with that. And if so look for differences in environment.
– tonioc
Feb 28 '18 at 12:36
no, the ca-certificates are usually globally accessible. However, if it wroked with another user, you should try again with that. And if so look for differences in environment.
– tonioc
Feb 28 '18 at 12:36
okay , thanks for the explanation. two questions now, 1. if I use curl -k is there any harm is this insecure ? 2. I remember I had created a user then assigned root permissions to it then in root profile i had exported the proxy settings (when ever I do sudo su root it redirects me to my home) now few days back I created a new user and assigned root permissions to it is there any relation that I should del that user ?
– vanishka
Feb 28 '18 at 13:22
okay , thanks for the explanation. two questions now, 1. if I use curl -k is there any harm is this insecure ? 2. I remember I had created a user then assigned root permissions to it then in root profile i had exported the proxy settings (when ever I do sudo su root it redirects me to my home) now few days back I created a new user and assigned root permissions to it is there any relation that I should del that user ?
– vanishka
Feb 28 '18 at 13:22
1. "-k" option : this option prevents remote certificate from being verified. As a consequence, you are never sure the communication is actually going to the server you think it goes.
– tonioc
Feb 28 '18 at 16:54
1. "-k" option : this option prevents remote certificate from being verified. As a consequence, you are never sure the communication is actually going to the server you think it goes.
– tonioc
Feb 28 '18 at 16:54
2. I don't think these are linked. What is the result of openssl s_client -connect <yoursite>:443 ?
– tonioc
Feb 28 '18 at 16:55
2. I don't think these are linked. What is the result of openssl s_client -connect <yoursite>:443 ?
– tonioc
Feb 28 '18 at 16:55
|
show 6 more comments
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f427177%2fcurl-not-returning-response%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
