hmm... not sure the "--insecure -k" option is the right/best approach for this. although it does work.. As far as I can tell, it should be possible to download the "pem"/cert from the site, via FF, and to then use this data in the curl.. However, I can't quite get this to work correctly. Might be user error. Here's what I've done so far. the base curl cmd is: curl -A "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) Gecko/2009061118 Fedora/3.0.11-1.fc9 Firefox/3.0.11" --cookie-jar wayne.lwp --cookie wayne.lwp -L "https://isiscc.smc.edu/pls/apex/f?p=123:1:3916268190676791"; -vvv running on fedora/centos as test systems 1) inserted the base site >>https://isiscc.smc.edu/pls/apex/f?p=123:1:3916268190676791 into the FF address bar. 2) selected the "lock" at the left of the address bar, to get the cert/data 3) did an export of the pem/cert data. -[not the chain] 4) as far as I can tell, from the debug "-vvv" output, ----* Initializing NSS with certpath: /etc/pki/nssdb ----* CAfile: /etc/pki/tls/certs/ca-bundle.crt the ca-bundle is the file with the certs. I then copied the data from the foo.pem that I got from the smc site/pem and added the results to the end of the ca-bundle.crt file I then reran the curl cmd, and got the same errors I got before.. So 1) Is the pem file I downloaded, the correct cert file for the site, and 2) Is the ca-bundle.crt file the correct file to append the data to/in. Or is there some different file that I should be doing the insertion of the downloaded pem/cert data. Once all of this works, I'll place this in stackoverflow for others! thanks On Fri, Nov 1, 2013 at 11:15 AM, Chris Adams <linux@xxxxxxxxxxx> wrote: > Once upon a time, bruce <badouglas@xxxxxxxxx> said: >> hi. >> >> trying to do a simple curl for the college site >> curl -A "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.11) >> Gecko/2009061118 Fedora/3.0.11-1.fc9 Firefox/3.0.11" -L >> https://isiscc.smc.edu/pls/apex/f?p=123:1:3916268190676791 -vvv > > They have a VeriSign-signed SSL cert, but they probably didn't follow > the directions and install the intermediate cert correctly (it might > work in Firefox because it includes more CA certs). Only the server > admins for isiscc.smc.edu can fix that. > > Until they get it fixed, you can bypass cert validation with the > "--insecure" option to curl or the "--no-check-certificate" option to > wget. It isn't recommended because it defeats the purpose of SSL. > > -- > Chris Adams <linux@xxxxxxxxxxx> > -- > users mailing list > users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
