Red Hat Bugzilla – Bug 1310503
Update section about curl and CA store
Last modified: 2016-09-28 21:25:30 EDT
Description of problem:
Taken from BZ 1275128
(In reply to David O'Brien from comment #19)
> Section 2.1 Using SSL Authentication
> Use the following command to permanently include the certificate in the
> curl CA store:
> # certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "Red Hat Satellite" -i
> Shouldn't that read something like "to include the certificate in the CA
> store that curl can access"? Does curl have a CA store?
Yes, you're correct. That is not a CA-store owned by curl, but rather it is one that curl can access to verify hosts that lives in your $HOME. I tried this myself just to double-check that I could then curl without needing the -k option afterwards.
# create a new DB if you don't already have one
$ certutil -N -d sql:$HOME/.pki/nssdb
$ certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "Red Hat Satellite" -i /path/to/ca-cert
$ curl -X GET -u admin:changeme https://satellite6.example.com/api/v2/hosts
Section Number and Name:
Describe the issue:
Suggestions for improvement:
This content is now live on the Customer Portal.