Score:1

Curl SSL Certificate: unable to get local issuer certificate

ae flag

when using curl in verbose mode, I get this error: Command:

$ curl -vvI https://www.google.com

Error:

  • successfully set certificate verify locations:
  • CAfile: none CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (OUT), TLS alert, unknown CA (560):
  • SSL certificate problem: unable to get local issuer certificate
  • Closing connection 0

But if I send the same command with sudo, the connection is setup successfully, so I guess it's a permission issue.

This is what I get with namei command:

$ namei -mo /etc/ssl/certs/ca-certificates.crt

f: /etc/ssl/certs/ca-certificates.crt
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root ssl
drw-r--r-- root root certs
                     ca-certificates.crt - Permission denied

So I issued this command:

$ sudo chmod 755 /etc/ssl/certs/ca-certificates.crt

That was executed without errors, but the output of namei command is the same.

Same thing with /etc/ssl/certs/certificate.crt

Finally, if I send this command:

$ sudo ls -l /etc/ssl/certs/ca-certificates.crt

I get:

-rwxr-xr-x 1 root root 218664 lug 19 18:51 /etc/ssl/certs/ca-certificates.crt
Score:3
cz flag

You can't access files in the /etc/ssl/certs directory because it is missing search permission (x). You may fix that with chmod, e.g.: chmod a+x /etc/ssl/certs

Score:0
my flag

As you have seen, you can't access ca-certificates.crt. The curl command tries to access the certificate bundle with your user, but fails. You can fix this by using chmod. 755 may be used in this case, as certificate bundles are not sensitive files.

perissf avatar
ae flag
Sorry to not have mentioned this before... I edit my question

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.