LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-15-2009, 10:50 AM   #1
JDska55
LQ Newbie
 
Registered: Jun 2009
Location: Iowa City, IA
Distribution: SuSE 11, ubuntu Hardy
Posts: 28

Rep: Reputation: 15
curl certificates being refused, possible filepath issue


Hey all-
I've been doing some scripting involving Amazon's EC2 platform on a virtual machine, and my boss wants me to move things over to an actual networked machine in our lab. I got all of the tools and files I was using moved over, but any time I try to use a tool that needs the certificates, I get flatly denied like so:

Code:
$ ec2din #decsribes running instances on amazon's servers
curl: (60) SSL certificate problem. Verify that the CA is OK. Details: 
error:14090086: SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
#etc etc

$ curl -v https://www.amazonaws.com
* About to connect to 207.171.166.22... connection refused
* couldn't connect to host
* closing connection #0
* curl (7) couldn't connect to host
Sorry if that's a little verbose. I know the certificate works fine, it is a direct copy of the one that is running on my virtual machine. I think that curl may be looking in the wrong place. Any ideas on why curl is misbehaving? I even made the admin add the public part of the certificate to /etc/ssl/certs, but it still didn't work. Please help!!

Thanks,
Jarrod
 
Old 06-15-2009, 11:43 AM   #2
grepmasterd
Member
 
Registered: Aug 2003
Location: Seattle
Distribution: ubuntu, lately
Posts: 182
Blog Entries: 1

Rep: Reputation: 35
"connection refused" means you can't connect on that port (443). so that's not a valid test.

I don't know much about amazon's cloud service tools, but you may need more than just the server cert. you may also need the CA cert. This agrees with your error message: "certificate verify failed" typically means that the server cert could not be verified because it couldn't find the right signing authority.
 
Old 07-13-2009, 12:25 PM   #3
JDska55
LQ Newbie
 
Registered: Jun 2009
Location: Iowa City, IA
Distribution: SuSE 11, ubuntu Hardy
Posts: 28

Original Poster
Rep: Reputation: 15
Hey guys-
I still don't have this problem resolved. I figured out that the system I'm on has almost no certificates on it for some reason. I need to know what cert curl is trying to find when it's called and gets refused. Is there a way to make curl tell me what certificate it's looking for? If I can get the name of it I can find a copy and have my admin install it on the system. Any help would be HUGELY appreciated

Cheers,
Jarrod
 
Old 07-13-2009, 07:18 PM   #4
grepmasterd
Member
 
Registered: Aug 2003
Location: Seattle
Distribution: ubuntu, lately
Posts: 182
Blog Entries: 1

Rep: Reputation: 35
Your test with curl is not really valid against the amazonaws site. Use curl against a known https site:

Code:
curl -v https://www.paypal.com/
If you just want to see what certificate the server is offering:

Code:
openssl s_client -connect www.paypal.com:443
openssl s_client -connect www.amazonaws.com:$PORT
where $PORT is that which is used by the ec2din tool.

If you're trying to figure out where certs are stored on you local system , then that depends on what OS/distro you are using. curl uses the openssl library, and can be found on debian-based systems under /etc/ssl/certs (which should be a symlink to /usr/share/ca-certificates/mozilla)

hope that helps
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
curl: (7) couldn't connect to host // wget --> failed: Connection refused. linea Linux - Newbie 12 05-21-2012 12:56 PM
Apt-get update issue. Connection refused (111) Boffy Ubuntu 2 06-03-2010 07:18 AM
cURL: Server has many IPs, how would I make a cURL script use those IPs to send data? guest Programming 0 04-11-2009 11:42 AM
stuck with php/curl and SSL certificates chr15t0 Programming 2 05-20-2005 06:10 AM
how to get absolute filepath from filedescriptor appas Programming 1 07-27-2004 10:36 AM


All times are GMT -5. The time now is 12:41 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration