
How To Fix “curl: (60) server certificate verification failed” Error in Ubuntu Xenial


If you’re using curl on Ubuntu Xenial and you’ve encountered the “curl: (60) server certificate verification failed” error, it can be a frustrating experience. However, the good news is that there are several ways to troubleshoot and resolve this issue. In this article, we’ll walk you through some potential solutions.

Check System Date and Time

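The first step in resolving this error is to verify that your system date and time are correct. Every SSL/TLS certificate carries a validity window (a not-before and a not-after date), and curl checks it against the local clock. If your system's clock is off, a perfectly valid certificate can look expired or not yet valid, which results in certificate verification errors.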

You can check the current system date and time by running the following command:

date

If the system date and time are incorrect, you can adjust them using the date command or by configuring NTP (Network Time Protocol).

Update CA Certificates

The next step is to update the CA (Certificate Authority) certificates on your server. This can be done by running the following command:

sudo apt-get update && sudo apt-get install ca-certificates

The apt-get update command updates the package lists for upgrades and new package installations. The apt-get install ca-certificates command installs the latest CA certificates, which are used by curl to verify server certificates.

Verify SSL/TLS Connection

If updating the CA certificates doesn’t resolve the issue, you can use the openssl s_client command to get more detailed information about the SSL/TLS connection. This can help identify any specific issues with the server’s certificate.

Here’s how to use the openssl s_client command:

openssl s_client -connect forums.openvpn.net:443

The -connect option specifies the server and port to connect to. The output of this command will provide detailed information about the server’s SSL/TLS configuration and certificate.
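
One way to read that output, as an added example that is not part of the original article: the shell function below extracts the "Verify return code" line that openssl s_client prints and maps it to the checks described in this article. The function names, keywords and sample output are constructed for illustration, and the -servername flag in the usage comment is an addition so that the server name is sent during the handshake.

```shell
# Added example: classify the "Verify return code" line printed by
# `openssl s_client` and point at the matching section of this article.

# Reads s_client output on stdin and prints one short diagnosis keyword.
classify_verify() {
    # Keep only the number N from the last "Verify return code: N (reason)" line.
    code=$(sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | tail -n 1)
    case "$code" in
        0)      echo "ok" ;;                 # chain verified against the CA store
        9|10)   echo "clock-or-expired" ;;   # not yet valid / expired: check the date first
        18|19)  echo "self-signed" ;;        # self-signed leaf or self-signed cert in chain
        20|21)  echo "missing-issuer" ;;     # issuer not found: update ca-certificates,
                                             # or the server omits an intermediate
        "")     echo "no-verify-line" ;;     # handshake never reached verification
        *)      echo "other:$code" ;;        # report any other code unchanged
    esac
}

# Constructed sample: tail of s_client output when the issuer is not trusted.
SAMPLE_MISSING_ISSUER='    Start Time: 1500000000
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)'

# Constructed sample: certificate outside its validity window.
SAMPLE_EXPIRED='    Verify return code: 10 (certificate has expired)'

# Helper for the samples above: feed a saved output string to the classifier.
diagnose_sample() {
    printf '%s\n' "$1" | classify_verify
}

# Live use (needs network access; host is the one used in this article):
#   openssl s_client -connect forums.openvpn.net:443 \
#       -servername forums.openvpn.net </dev/null 2>/dev/null | classify_verify
```

A result of clock-or-expired points back to the date check, and missing-issuer points to the CA certificates update; neither is a reason to reach for -k.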

Bypass Certificate Verification

As a last resort, you can bypass certificate verification by using the -k or --insecure option with curl. However, this is not recommended for security reasons as it makes your connection vulnerable to man-in-the-middle attacks.

Here’s an example of how to bypass certificate verification:

curl -k https://forums.openvpn.net/

The -k option tells curl to proceed without certificate verification.

Replace curl Binary

If none of the above solutions work, you can consider replacing the curl binary with a statically linked version. This should be done with caution as it involves downloading a binary from a third-party source. Ensure that the source is trustworthy and the binary is free from malware.

Here’s an example of how to replace the curl binary:

  • Download the statically linked curl binary from a trusted source.
  • Rename the downloaded binary to /usr/local/bin/curl.
  • Verify the authenticity of the binary before replacing the system’s curl binary.

Conclusion

In this article, we’ve discussed several ways to resolve the “curl: (60) server certificate verification failed” error in Ubuntu Xenial. Remember, it’s important to investigate the cause of the certificate verification failure rather than simply bypassing it. Ignoring security errors can expose your system to unnecessary risks. Always prioritize the security of your system when troubleshooting these types of errors.

How do I check the current system date and time in Ubuntu Xenial?

To check the current system date and time in Ubuntu Xenial, you can run the following command in the terminal:

date

How do I update the CA certificates on Ubuntu Xenial?

To update the CA certificates on Ubuntu Xenial, you can run the following command in the terminal:

sudo apt-get update && sudo apt-get install ca-certificates

How can I use the openssl s_client command to troubleshoot SSL/TLS connection issues?

To use the openssl s_client command to troubleshoot SSL/TLS connection issues, you can run the following command in the terminal:

openssl s_client -connect forums.openvpn.net:443

Replace forums.openvpn.net:443 with the server and port you want to connect to. The output of this command will provide detailed information about the server’s SSL/TLS configuration and certificate.

Is it safe to bypass certificate verification using the -k or --insecure option with curl?

Bypassing certificate verification using the -k or --insecure option with curl is not recommended for security reasons. It makes your connection vulnerable to man-in-the-middle attacks. It’s important to investigate and resolve the cause of the certificate verification failure rather than bypassing it.
