Red Hat Bugzilla – Bug 1310503
Update section about curl and CA store
Last modified: 2016-09-28 21:25:30 EDT
Description of problem: Taken from BZ 1275128 (In reply to David O'Brien from comment #19) > Section 2.1 Using SSL Authentication > Use the following command to permanently include the certificate in the > curl CA store: > > # certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "Red Hat Satellite" -i > /path/to/ca-cert-file > > Shouldn't that read something like "to include the certificate in the CA > store that curl can access"? Does curl have a CA store? Yes, you're correct. That is not a CA-store owned by curl, but rather it is one that curl can access to verify hosts that lives in your $HOME. I tried this myself just to double-check that I could then curl without needing the -k option afterwards. # create a new DB if you don't already have one $ certutil -N -d sql:$HOME/.pki/nssdb $ certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "Red Hat Satellite" -i /path/to/ca-cert $ curl -X GET -u admin:changeme https://satellite6.example.com/api/v2/hosts { "total": 2, ..., "results": [ ... ] } success! Additional info: Document URL: Section Number and Name: Describe the issue: Suggestions for improvement: Additional information:
This content is now live on the Customer Portal. Closing.