SSL Root Certificate update in Linux for curl

When you use curl in Linux machines to make remote calls to SSL sites, you need to have latest root certificates installed. Recently I came across a situation where the newer root certificate were not available and so the remote call suddenly started failing.

First, you will have to find the location of your certificate files :

curl-config --ca

Now, you download the latest bundle to the path found from above , which usually is /etc/pki/tls folder

curl http://curl.haxx.se/ca/cacert.pem -o /etc/pki/tls/certs/ca-bundle.crt

 

You can check whether the curl call works by sample command given below :

curl --verbose --cacert ./certs/verisign-intermediate-ca.crt --head https://remotesite.com/