Adding self-signed SSL certificate for libcurl

Question

I am using libcurl in my C application to communicate with an HTTPS server that I have set up. I generated a self-signed certificate on that server that I wish to use with curl.

Answer 1

First, you kind of mix "Certificate Authority" files and "Certificate" files which confuses me.

How can I add my own CA/Self-signed certificate so that libcurl will successfully validate it?

This might be seen as a complementary answer to the one above. In the case you want to add a self-signed CA (every root-CA is self-signed) so that libcurl will successfully validate a website's certificate, which has been generated by the CA, then continue reading.

With CURLOPT_CAINFO you need to pass the "Certificate Authority" file (CA) that was used when generating the (non-CA) certificate of the site you want to verify.

(I do not know if this option works by passing it a non-CA certificate, the documentation is not really clear on this, and the previous answer has 2 up-votes, so if anyone has tested it please comment)

You can also pass a Certificate Authority chain file that contains the CA that was used, in case it was not a root-CA.

Here's a little tutorial I've found that can help you test your solution:

Creating a private root CA: http://www.flatmtn.com/article/setting-openssl-create-certificates

Creating a site certificate: http://www.flatmtn.com/article/setting-ssl-certificates-apache