When trying to use a curl command to test connectivity to a web site, the following error is returned:
curl: (60) Peer's Certificate issuer is not recognized.
Details
The issue normally occurs due to not having the proper certificates in place for curl to run.
You can bypass SSL for testing with the --insecure option to verify connectivity but this will not verify SSL functionality.
For example if you try to do the following curl command:
curl --location --request POST 'https://sam.casthighlight.com/authentication/sign/in' --header 'Accept: application/json' --header 'Content-Type: application/json' --proxy <[protocol://][user:password@]proxyhost[:port]> --data-raw '{"token":"<customer secret>","type":"secretToken"}'
and it fails with the error described above , but this with --insecure works:
curl --insecure --location --request POST 'https://sam.casthighlight.com/authentication/sign/in' --header 'Accept: application/json' --header 'Content-Type: application/json' --proxy <[protocol://][user:password@]proxyhost[:port]> --data-raw '{"token":"<customer secret>","type":"secreetToken"}'
Then there is an issue with the certificates on the machine not being on the machine or in the expected location.
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
Related Pages
Additional Resources
CAST Highlight Troubleshooting Guides
CAST Highlight Product Documentation
Ticket
38291
Comments