Curl SSL Certificate: unable to get local issuer certificate
when using curl
in verbose mode, I get this error:
Command:
$ curl -vvI https://www.google.com
Error:
- successfully set certificate verify locations:
- CAfile: none CApath: /etc/ssl/certs
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
- TLSv1.3 (IN), TLS handshake, Certificate (11):
- TLSv1.3 (OUT), TLS alert, unknown CA (560):
- SSL certificate problem: unable to get local issuer certificate
- Closing connection 0
But if I send the same command with sudo
, the connection is setup successfully, so I guess it's a permission issue.
This is what I get with namei
command:
$ namei -mo /etc/ssl/certs/ca-certificates.crt
f: /etc/ssl/certs/ca-certificates.crt
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root ssl
drw-r--r-- root root certs
ca-certificates.crt - Permission denied
So I issued this command:
$ sudo chmod 755 /etc/ssl/certs/ca-certificates.crt
That was executed without errors, but the output of namei
command is the same.
Same thing with /etc/ssl/certs/certificate.crt
Finally, if I send this command:
$ sudo ls -l /etc/ssl/certs/ca-certificates.crt
I get:
-rwxr-xr-x 1 root root 218664 lug 19 18:51 /etc/ssl/certs/ca-certificates.crt
Solution 1:
You can't access files in the /etc/ssl/certs
directory because it is missing search permission (x
). You may fix that with chmod
, e.g.: chmod a+x /etc/ssl/certs