curl: (60) SSL certificate problem: unable to get local issuer certificate

Question

root@sclrdev:/home/sclr/certs/FreshCerts# curl --ftp-ssl --verbose ftp://{abc}/ -u trup:trup --cacert /etc/ssl/certs/ca-certificates.crt
* About to connect() to {abc         


        

Answer 1

Specifically for Windows users, using curl-7.57.0-win64-mingw or similar version.

This is a bit late, and the existing answers are correct. But I still had to struggle a bit to get it working on my Windows machine, though the process is actually pretty straight forward. So, sharing the step-by-step process.

This error basically means, curl is failing to verify the certificate of the target URI. If you trust the issuer of the certificate (CA), you can add that to the list of trusted certificates.

For that, browse the URI (e.g. on Chrome) and follow the steps

1. Right click on the secure padlock icon
2. Click on certificate, it'll open a window with the certificate details
3. Go to 'Certification Path' tab
4. Click the ROOT certificate
5. Click View Certificate, it'll open another certificate window
6. Go to Details tab
7. Click Copy to File, it'll open the export wizard
8. Click Next
9. Select 'Base-64 encoded X.509 (.CER)'
10. Click Next
11. Give a friendly name e.g. 'MyDomainX.cer' (browse to desired directory)
12. Click Next
13. Click Finish, it'll save the certificate file
14. Now open this .cer file and copy the contents (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)
15. Now go to the directory where curl.exe is saved e.g. C:\SomeFolder\curl-7.57.0-win64-mingw\bin
16. Open the curl-ca-bundle.crt file with a text editor
17. Append the copied certificate text to the end of the file. Save

Now your command should execute fine in curl.