发表新帖
发表新帖

SSL Certificates - OS X Mavericks

前端 未结
关注
4 793
故里飘歌
故里飘歌 2020-12-30 08:02

I am trying to connect to application on localhost which uses SSL. I am using Mac OS X Mavericks. The error I am getting is following: 

Error sending cURL ge
相关标签:
4条回答
  • 再見小時候
    2020-12-30 08:21

    In some cases will be better to use standard curl (eg if you develop on Mac code for Linux or *BSD). In this case you can do like that:

    1. Install Homebrew

    2. Install curl with standard certificates support (no more Keychain certs).

      brew install curl --with-openssl && brew link curl --force

    3. Install root CA certs from http://curl.haxx.se/ca/cacert.pem into /usr/local/etc/openssl/certs/cacert.pem

    4. Add into your ~/.bash_profile

      export CURL_CA_BUNDLE=/usr/local/etc/openssl/certs/cacert.pem

    5. After 4 steps you can use curl with certificates from file, not from Keychain.

    0 讨论(0)
  • 再見小時候
    2020-12-30 08:24

    The option --with-openssl no longer works as of https://github.com/Homebrew/homebrew-core/pull/36263

    Just install curl-openssl instead of curl.

    $ brew install curl-openssl

$ /usr/local/opt/curl-openssl/bin/curl --version
curl 7.64.1 (x86_64-apple-darwin18.2.0) libcurl/7.64.1 OpenSSL/1.0.2r zlib/1.2.11 brotli/1.0.7 c-ares/1.15.0 libssh2/1.8.2 nghttp2/1.38.0 librtmp/2.3
Release-Date: 2019-03-27
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz Metalink NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets
    0 讨论(0)
  • 执笔经年
    2020-12-30 08:26

    There are two things you can do:

    (1) Convert the .pem certificate to .p12:

    openssl pkcs12 -export -out my_certificate.p12 -inkey my_certificate.pem -in my_certificate.pem`

    and use it with curl with the PASSWORD you pick when converting:

    curl --cert my_certificate.p12:PASSWORD.

    (2) Drag the .pem file into your keychain, open the infopane, set it to 'always trust' for SSL and X.509, and note the COMMON-NAME. (name of certificate)

    curl --cert COMMON-NAME

    Both work for me on OSX 10.9 with cURL 7.35.0

    0 讨论(0)
  • 生来不讨喜
    2020-12-30 08:27

    --cacert and --cert are broken in OSX Mavericks.

    You can read more about it here: https://groups.google.com/forum/#!topic/munki-dev/oX2xUnoQEi4

    The workaround is here: http://curl.haxx.se/mail/archive-2013-10/0036.html which indicates that you need to import the certificate as a trusted system cert:

    Import the certificate into the system ("System") or user ("login") keychain using Keychain Access and mark it as always trusted for SSL and X.509 basic policy.

    0 讨论(0)
 看不清?
提交回复
热议问题