Last updated on March 13, 2019
If you get curl error “(60) peer’s certificate issuer is not recognized” while trying to curl something from another server, it means that your server does not have target’s server trusted certificates.
To solve this in a quick way, we can bypass the error simply adding “-k” or “–insecure” to curl.
or executing for wget:
echo "check_certificate = off" >> ~/.wgetrc
You can add insecure option to your $HOME/.curlrc file:
$ vi $HOME/.curlrc
Append the following:
!But this won’t resolve the issue, you will only bypass the error, so be careful.
To make it right and secure follow the resolution below.
To resolve this:
- Open a webpage that uses the CA with Firefox
- Click the lock-icon in the addressbar -> show information -> show certificate, the certificate viewer will open
- click details and choose the certificate of the certificate-chain, you want to import to CentOS
- click “Export…” and save it as .crt file
- Copy the .crt file to /etc/pki/ca-trust/source/anchors on your CentOS machine
- run update-ca-trust extract
- test it with wget https://thewebsite.org or curl https://thewebsite.org
On debian and ubuntu the directory is /usr/local/share/ca-certificates/ and the command to update is update-ca-certificates