curl on Windows with SSL

Posted on 2014-08-20
Last Modified: 2014-08-21
I downloaded the cacert.pem file (I placed it within an editor, so it is currently in CR/LF format on WInodws, not the normal Unix format)

I type the cacert.pem file

C:\curl>type \curl\cacert.pem   | more
## Bundle of CA Root Certificates
## Certificate data from Mozilla downloaded on: Wed Aug 20 03:12:04 2014
## This is a bundle of X.509 certificates of public Certificate Authorities
## (CA). These were automatically extracted from Mozilla's root certificates
## file (certdata.txt).  This file can be found in the mozilla source tree:
## It contains the certificates in PEM format and therefore
## can be directly used with curl / libcurl / php_curl, or with
## an Apache+mod_ssl webserver for SSL client authentication.
## Just configure this file as the SSLCACertificateFile.
## Conversion done with verison 1.22.
## SHA1: bf2c15b3019e696660321d2227d942936dc50aa7

GTE CyberTrust Global Root

Open in new window

Then I try the following command:

C:\curl>curl -H "Content-Type: application/json" -d @input3.txt --cacert /curl/c
<!DOCTYPE html>
<html lang=en>
  <meta charset=utf-8>
  <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-wi
  <title>Error 405 (Method Not Allowed)!!1</title>
    *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{backgrou
nd:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height
:180px;padding:30px 0 15px}* > body{background:url(//
s/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflo
w:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (m
}}#logo{background:url(// no-repeat}@
media only screen and (min-resolution:192dpi){#logo{background:url(//
com/images/errors/logo_sm_2_hr.png) no-repeat 0% 0%/100% 100%;-moz-border-image:
url(// 0}}@media only screen and (
rrors/logo_sm_2_hr.png) no-repeat;-webkit-background-size:100% 100%}}#logo{displ
  <a href=//><span id=logo aria-label=Google></span></a>
  <p><b>405.</b> <ins>ThatΓÇÖs an error.</ins>
  <p>The request method <code>POST</code> is inappropriate for the URL <code>/</
code>.  <ins>ThatΓÇÖs all we know.</ins>

Open in new window

What is the problem with this command?

Question by:Anthony Lucia
    LVL 58

    Expert Comment

    Just try a simple test to see if the SSL is being negotiated


    And you should get back the Google search page code.

    Author Comment

    by:Anthony Lucia
    I tried the following:

    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here:
    curl performs SSL certificate verification by default, using a "bundle"
     of Certificate Authority (CA) public keys (CA certs). If the default
     bundle file isn't adequate, you can specify an alternate file
     using the --cacert option.
    If this HTTPS server uses a certificate signed by a CA represented in
     the bundle, the certificate verification probably failed due to a
     problem with the certificate (it might be expired, or the name might
     not match the domain name in the URL).
    If you'd like to turn off curl's verification of the certificate, use
     the -k (or --insecure) option.

    Open in new window

    So yes, it appears that the SSL is being negotiated, but unsucessfully
    LVL 58

    Accepted Solution

    Forgot to add the cert path - change /curl/cacert.pem to the absolute path e.g. c:/path/file

    curl  --cacert /curl/cacert.pem

    Featured Post

    Courses: Start Training Online With Pros, Today

    Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

    Join & Write a Comment

    If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    Viewers learn how to read error messages and identify possible mistakes that could cause hours of frustration. Coding is as much about debugging your code as it is about writing it. Define Error Message: Line Numbers: Type of Error: Break Down…
    This theoretical tutorial explains exceptions, reasons for exceptions, different categories of exception and exception hierarchy.

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now