I am getting the below response from curl. Does curl need a valid certificate while creating a vhost? I have already created a valid keystore.
```
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.
curl: (3) <url> malformed
curl: (3) <url> malformed
curl: (3) <url> malformed
curl: (3) <url> malformed
```
The error from curl is independent of the operation you are attempting - creating a vhost.
The error from curl is a general one. I recommend that you read the article at the suggested URL: https://curl.haxx.se/docs/sslcerts.html It explains how curl works and handles SSL certificates.
"Self signed cert in certificate chain" is a terse message and it may not clearly communicate the issue.
Let's back up and look at a simplified description of how SSL and TLS work:
An additional layer of complexity comes in when we introduce "certificate chains". You see, there are lots and lots of CAs. And clients cannot directly trust all of them. So what we have settled on, as an industry, is a scheme under which CA certificates (which contain the CA public key) can be signed by other CAs.
Every TLS client is configured to trust a small number of "Root CAs". These are companies like Entrust, Verisign, and a few others. When verifying the cert for example.com, the client can follow the chain back to the original RootCA1, which it trusts. Since the client trusts RootCA1, it also trusts CA2, and also CA1, and therefore it trusts the cert presented by example.com. This transitive trust is what we refer to when we speak of "certificate chains".
Every client that implements SSL/TLS correctly follows this logic. Read more about it here.
With the error message you provided ("SSL certificate problem: self signed certificate in certificate chain"), what curl is saying is: I've followed the chain of certificates back to a self-signed certificate, which I do not trust.
-----
The server, in my discussion above it is example.com, is presenting a certificate which is not signed by a trusted CA, or any CA that can be chained back to a trusted CA listed in the client's trust store. curl is rightly saying "I don't trust this cert."
There are three possible solutions:
-----
I want to reiterate that the error you see has nothing to do with the operation you're attempting, which I think is creating a vhost in Apigee Edge. The error message is generated during the TLS handshake, which happens before the request to create a vhost gets sent.
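The chain logic described in the answer above can be reproduced offline. The script below is an added example, not part of the original answer or of Apigee's documentation: it builds a throwaway root CA, intermediate CA and server certificate with `openssl`, then verifies the server certificate once against the default trust store and once with the demo root supplied as a trusted CA (the `openssl verify` counterpart of curl's `--cacert`). All subject names and file names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Constructed demo: root CA -> intermediate CA -> server cert, all throwaway.

new_csr() {  # $1 = dir, $2 = file stem, $3 = subject CN
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

make_chain() {  # $1 = working directory
  local d="$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  # Root CA: signed with its own key, i.e. self-signed.
  new_csr "$d" root "Demo Root CA"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  # Intermediate CA, signed by the root.
  new_csr "$d" int "Demo Intermediate CA"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  # Server certificate, signed by the intermediate.
  new_csr "$d" leaf "example.com"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
  # What the server sends besides its own cert: intermediate plus root.
  cat "$d/int.pem" "$d/root.pem" > "$d/sent-chain.pem"
}

# Client with only its default trust store (like curl without --cacert).
# The demo root is not in that store, so the chain ends at an untrusted
# self-signed certificate and verification fails with error 19.
verify_default_store() {
  openssl verify -untrusted "$1/sent-chain.pem" "$1/leaf.pem" 2>&1
}

# Client told to trust the demo root (like curl --cacert root.pem).
verify_with_root() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1
}

demo_dir=$(mktemp -d)
make_chain "$demo_dir"
echo "== default trust store =="
verify_default_store "$demo_dir" || echo "(verification failed, as expected)"
echo "== demo root supplied as CA file =="
verify_with_root "$demo_dir"
```

The same comparison can be made against a live server by inspecting the chain it sends with `openssl s_client -connect host:port -showcerts`.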