When trying to use a curl command to test connectivity to a web site, the following is returned:
curl: (60) Peer's Certificate issuer is not recognized.
Release | Yes/No |
|---|---|
| Highlight |  |
RDBMS | Yes/No |
|---|---|
| CSS | N/A |
- Encountered while running curl
The issue normally occurs due to not having the proper certificates in place for curl to run.
You can bypass SSL for testing with the --insecure option to verify connectivity but this will not verify SSL functionality.
For example if you try to do the following curl command:
curl --location --request POST 'https://sam.casthighlight.com/authentication/sign/in' --header 'Accept: application/json' --header 'Content-Type: application/json' --proxy <[protocol://][user:password@]proxyhost[:port]> --data-raw '{"token":"<customer secret>","type":"secretToken"}'
and it fails with the error described above , but this with --insecure works:
curl --insecure --location --request POST 'https://sam.casthighlight.com/authentication/sign/in' --header 'Accept: application/json' --header 'Content-Type: application/json' --proxy <[protocol://][user:password@]proxyhost[:port]> --data-raw '{"token":"<customer secret>","type":"secreetToken"}'
Then there is an issue with the certificates on the machine not being on the machine or in the expected location.
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
If the above steps do not solve your issue contact CAST Technical Support. with the following Relevant input
Relevant input
- Exact curl command used
- A detailed list of the steps done
- Description of certificates being used
Ticket # 38291
