How to update the SSL root CA certificate bundle on CentOS

If you ran into an SSL certificate verification issue from your CentOS machine, the problem could be, the certificate of the server you try to connect was no longer signed by one of the trusted root certificate authorities in CentOS. Therefore you encounter problem similar to the following:

*** error: SSL certificate problem, verify that the CA cert is OK. Details: 
*** error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://goyun.info
*** fatal: HTTP request failed

By updating the root ca bundle you can fix this problem. The cURL website has a bundle ready that also ships with cURL, and works on CentOS.

First, backup the old bundle:

cp /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.crt.bak

Then download the new bundle:

wget -O /etc/pki/tls/certs/ca-bundle.crt http://curl.haxx.se/ca/cacert.pem

Comments

Popular posts from this blog

Check MySQL query history from command line

Installing chocolatey on Windows