I'm getting the famous "SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed" problem when attempting to curl a domain that has a rapidssl certificate installed.
I'm running Ubuntu 10.10 and I have openssl installed with a huge /etc/ssl/certs directory. I've tried using the --cacert and --capath arguments.
Nothing seems to work with this specific domain, even though when I visit the site with my web browser it authenticates the certificate.
However, when I curl https://google.com, it has no problem.
What am I doing wrong?
Make sure that you specify
www.phaxio.com, and not justphaxio.com. The latter does not provide with a valid certificate, and could be your problem.https://www.phaxio.comis using a wildcard-certificate. This should validate as long as you specify a prefix to .phaxio.com. This means thatphaxio.comis invalid, butwww.phaxio.comis valid.However,
phaxio.comactually presents itself with a certificate for an entirely different domain.The date on the computer you're running
curlon could be set to a time outside the certificates validity period. It's valid from18th September 2011.The root-certificate list could be too old - the CA-certificate is dated
19th February 2010. (This is probably not the case in Ubuntu 10.10, though).Create a file with this info: (RapidSSL+GeoTrust Certs)
then use: