Extract the CA cert for a particular server

Ignore Peer SSL Certificate Verification

Libcurl performs peer SSL certificate verification by default. This is do by using a CA certificate store, the SSL library can use for make sure the peer's server certificate is VA Lid.

If you communicate with HTTPS, FTPS or other tls-using servers using certificates that is signed by CAs present in the St Ore, you can being sure that the remote server really are the one it claims to be.

If the remote server uses a self-signed certificate, if you don ' t install a CA cert store, if the server uses a certificat E signed by a CA. ' t included in the store, you use or if the remote host was an impostor impersonating your favorite Site, and you want to transfer files from this server, do one of the following:

1. Tell Libcurl to not verify the peer. With Libcurl-disable this withcurl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);

   With the Curl command line tool, you disable this with-k/--insecure.

2. Get A CA certificate that can verify the remote server with the proper option to point out this CA cert for Verificatio n when connecting. For Libcurl hackers:curl_easy_setopt(curl, CURLOPT_CAPATH, capath);

   With the Curl Command line tool:--cacert [file]

Get cert:

openssl s_client -connect xxxxx.com:443 |tee logfile

Type "QUIT", followed by the "ENTER" key

The certificate would have "BEGIN certificate" and "END certificate" markers.

• -----BEGIN CERTIFICATE-----

  Fiqffffpasihz0qzm+ixhtxgkasckeff5cavswavqd7snphq==f

  -----END CERTIFICATE-----

If you want to see the data in the certificate, you can do: "OpenSSL x509-inform pem-in certfile-text-out certdata" wh Ere CertFile is the cert you extracted from logfile. Look in Certdata.

If you are want to trust the certificate, you can add it to your CA certificate store or use it stand-alone as described. Just Remember that's the security is no better than the the the-the-the-obtained.

Extract the CA cert for a particular server