Revisions
olih created this gist
Jun 23, 2015
@@ -0,0 +1,63 @@ # Using curl with custom CA certificates This document describes how to use curl with both custom and official CA SSL certificates. ## Prerequisite You would need first to install curl , see http://curl.haxx.se/docs/install.html. Using a package manager such as yum, brew, ... for your platform should be the easiest though. Example for Mac OS: ``` brew install curl --with-openssl brew link curl --force curl --version ``` ## CA directory Create a CA directory which will contain all your CA certificates in the .pem format (ex: /etc/pki/ssl/ca). ### Export a custom CA from the firefox browser Note that this step is only necessary, if you don't already have your custom CA in pem format. If you open a SSL protected webpage in the firefox browser: - click on the lock on the left of the url - Then "more information ..."/Security/"View certificate"/Details/"Export ..."/"X.509 Certificate (PEM)" Export the .pem file in your CA directory ### Get all the officially supported certificate authorities In you CA directory: ```sh curl http://curl.haxx.se/ca/cacert.pem -o firefox.pem ``` ### Merge all your .pem in one In you CA directory: ```sh cat *.pem > ca-all.pem ``` ## Configuring cacert From now on, you should be able configure curl to use your merged CA: ```sh curl --cacert /etc/pki/ssl/ca/ca-all.pem https://mycustomapi.com ``` You may prefer to update .curlrc by adding the line: ``` cacert /etc/pki/ssl/ca/ca-all.pem ``` ## References http://curl.haxx.se/docs/sslcerts.html
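Review bot: The "Get all the officially supported certificate authorities" step downloads the trust anchors over plain HTTP (`curl http://curl.haxx.se/ca/cacert.pem -o firefox.pem`), so the bundle that every later `--cacert` verification depends on arrives with no integrity protection, and anyone on the network path could add a CA of their own to it. Fetch it over `https://` instead and compare the file against a checksum obtained from the publisher before merging. In the merge step, `cat *.pem > ca-all.pem` trusts every `.pem` file that happens to be in the directory and, on a second run, matches its own output file `ca-all.pem`; listing the input files explicitly, or writing the merged bundle outside the CA directory, avoids both. The Firefox export section should also say to select the issuing CA in the certificate hierarchy before exporting, since the text calls the result a "custom CA" but the steps as written do not say which certificate in the chain is exported.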