Here is how to use additional CA certificates with the curl and wget commands.
Download/copy the certificates into a directory, e.g. ~/etc/certs.
Generate the hash values with the c_rehash command and the directory as argument. For instance:
c_rehash ~/etc/certs
With the official c_rehash utility from openssl, all the certificates must have the .pem extension; to support the .crt extension as well, which is commonly used, one must either use Debian's c_rehash script or replace /\.pem$/ by /\.(crt|pem)$/ in the script.
Add the certificate directory to the configuration files of curl and wget. For instance, in the ~/.curlrc file:
capath = "/home/user/etc/certs:/etc/ssl/certs"
Here /etc/ssl/certs is assumed to be the default directory (containing the certificates installed on the system). Note that the ~ and $HOME forms are not supported. This is valid at least for curl 7.21 to 7.35.
And in the ~/.wgetrc file (at least for wget 1.13 to 1.15):
ca_directory = ~/etc/certs
but it does not seem possible to use the default certificates (unless they are added in this directory); see Debian bug 646413.
Note: With MacPorts under Mac OS X, in order to have the certificates installed on the system with curl, one must install the curl port with the ssl variant, not the gnutls one.
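The steps above as one script, added here as an example rather than taken from the page or from OpenSSL: it creates the hash links for both .pem and .crt files without editing c_rehash and prints absolute-path settings for curl and wget. The function names rehash_certs, cert_hash and config_lines are hypothetical, and /etc/ssl/certs is assumed to be the system default directory.

```shell
#!/bin/sh
# Added example (not the page's code): hash-link .pem and .crt certificates
# in a directory, then print the curl and wget settings that point at it.

# Subject-name hash that OpenSSL uses to find a CA in a capath directory.
cert_hash() {
    openssl x509 -noout -hash -in "$1" 2>/dev/null
}

# rehash_certs DIR: create <hash>.<n> symlinks in DIR, print how many were made.
rehash_certs() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # Drop hash links (8 hex digits, dot, number) left over from earlier runs.
    for link in "$dir"/[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*; do
        if [ -L "$link" ]; then rm -f "$link"; fi
    done
    count=0
    for cert in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$cert" ] || continue        # unmatched glob or not a regular file
        h=$(cert_hash "$cert") || continue
        [ -n "$h" ] || continue           # not a parsable certificate: skip it
        n=0                               # different certificates can share a hash
        while [ -e "$dir/$h.$n" ] || [ -L "$dir/$h.$n" ]; do n=$((n + 1)); done
        ln -s "$(basename "$cert")" "$dir/$h.$n"
        count=$((count + 1))
    done
    echo "$count"
}

# config_lines DIR [SYSTEM_DIR]: print the ~/.curlrc and ~/.wgetrc lines.
# DIR is made absolute because capath does not accept ~ or $HOME.
# SYSTEM_DIR defaults to /etc/ssl/certs (assumed system default, as on the page).
config_lines() {
    abs=$(cd "$1" && pwd) || return 1
    printf 'capath = "%s:%s"\n' "$abs" "${2:-/etc/ssl/certs}"   # ~/.curlrc
    printf 'ca_directory = %s\n' "$abs"                         # ~/.wgetrc
}
```

Source the file, run rehash_certs ~/etc/certs, then copy the two lines printed by config_lines ~/etc/certs into ~/.curlrc and ~/.wgetrc. Files that openssl x509 cannot read as PEM certificates are skipped.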