Extract the CA cert for a particular server

Source: Internet
Author: User
Tags openssl x509 ssl certificate

Ignore Peer SSL Certificate Verification

libcurl performs peer SSL certificate verification by default. This is done by using a CA certificate store that the SSL library can use to make sure the peer's server certificate is valid.

If you communicate with HTTPS, FTPS or other TLS-using servers using certificates that are signed by CAs present in the store, you can be sure that the remote server really is the one it claims to be.

If the remote server uses a self-signed certificate, if you don't install a CA cert store, if the server uses a certificate signed by a CA that isn't included in the store you use, or if the remote host is an impostor impersonating your favorite site, and you want to transfer files from this server, do one of the following:

    1. Tell libcurl to not verify the peer. With libcurl you disable this with: curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);

      With the curl command line tool, you disable this with -k/--insecure.

    2. Get a CA certificate that can verify the remote server and use the proper option to point out this CA cert for verification when connecting. For libcurl hackers: curl_easy_setopt(curl, CURLOPT_CAPATH, capath);

      With the curl command line tool: --cacert [file]

Get cert:

openssl s_client -connect xxxxx.com:443 |tee logfile

Type "QUIT", followed by the "ENTER" key

The certificate will have "BEGIN CERTIFICATE" and "END CERTIFICATE" markers.

      -----BEGIN CERTIFICATE-----

      Fiqffffpasihz0qzm+ixhtxgkasckeff5cavswavqd7snphq==f

      -----END CERTIFICATE-----

If you want to see the data in the certificate, you can do: "openssl x509 -inform PEM -in certfile -text -out certdata" where certfile is the cert you extracted from logfile. Look in certdata.

If you want to trust the certificate, you can add it to your CA certificate store or use it stand-alone as described. Just remember that the security is no better than the way you obtained the certificate.
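
The extraction step above, plus a fingerprint to compare against one obtained through a separate channel before trusting the file, as an added shell example that is not part of the original page. The function names are hypothetical, and the log and certificate bodies are constructed placeholders; the sample holds two blocks, which assumes s_client was run with -showcerts (the command above prints only the server's own certificate).

```shell
#!/bin/sh
# Added example (not from the original page). The certificate bodies below are
# constructed placeholder bytes, not real certificates.

# Constructed stand-in for the logfile saved by `openssl s_client ... | tee logfile`.
make_sample_log() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = server.example
-----BEGIN CERTIFICATE-----
aGVsbG8gd29ybGQ=
-----END CERTIFICATE-----
 1 s:CN = Example CA
-----BEGIN CERTIFICATE-----
Zm9vYmFy
-----END CERTIFICATE-----
---
EOF
}

# extract_certs LOGFILE OUTDIR: write each PEM block to OUTDIR/cert-N.pem
# (in the order they appear) and print how many were found.
extract_certs() {
    mkdir -p "$2"
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { sub(/\r$/, ""); print > out }
        /-----END CERTIFICATE-----/ { if (inside) close(out); inside = 0 }
        END { print n + 0 }
    ' "$1"
}

# pem_sha256 FILE: SHA-256 over the decoded (DER) bytes of one PEM block, as
# lowercase hex. Compare it with a fingerprint obtained through another channel.
pem_sha256() {
    grep -v -e '-----' "$1" | tr -d ' \r\n' | base64 -d | sha256sum | cut -d' ' -f1
}

# Demo on the constructed log.
tmp=$(mktemp -d)
make_sample_log > "$tmp/logfile"
echo "certificates found: $(extract_certs "$tmp/logfile" "$tmp/certs")"
for f in "$tmp"/certs/cert-*.pem; do
    echo "$(basename "$f") sha256=$(pem_sha256 "$f")"
done
rm -rf "$tmp"
```

For a real certificate, the digest is the same one "openssl x509 -noout -fingerprint -sha256 -in cert-1.pem" reports, apart from letter case and the colons.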
