I followed this guide to install certified self-signed SSL certificate on localhost and all works fine in Chrome (no longer any warning, everything is green if https is used on localhost pages):
Getting Chrome to accept self-signed localhost certificate
However, if I'm running same requests on Ubuntu console via CURL I'm getting unable to get local issuer certificate:
aherne@home-NUC8i7INH:~$ curl https://localhost
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
This issue reproduces in PHP using certificate from https://curl.haxx.se/ca/cacert.pem:
$ch = curl_init("https://localhost");
curl_setopt($ch, CURLOPT_CAINFO, "cacert.pem");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$body = curl_exec($ch);
if ($body===false) {
throw new Exception(curl_error($ch), curl_errno($ch));
}
curl_close($ch);
On further verification, issue reproduces using openssl command:
aherne@home:~$ openssl s_client -connect localhost:443\n CONNECTED(00000005) depth=0 C = RO, ST = Bucharest, L = Bucharest, O = Home, OU = Home, CN = localhost verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 C = RO, ST = Bucharest, L = Bucharest, O = Home, OU = Home, CN = localhost verify error:num=21:unable to verify the first certificate verify return:1
Is there any way to trick CURL in accepting my certificate as well as my authority that certified it (same way as Chrome)? Making cURL skip SSL verification is a non-solution!
