A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more. Log in for full access Log In When creating a custom ISO image based on current release getting the following error: Subscriber exclusive contentA Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more. Current Customers and PartnersLog in for full access Log In We running 2 application on amazon EC2 (backend.example.com & frontend.example.com). For that application, we used a paid SSL Certificate. That certificate expiration date at 2021 June. But today, we got an error - cURL error 60: SSL certificate problem: certificate has expired (see http://curl.haxx.se/libcurl/c/libcurl-errors.html)We check certificate expiration date, but there was no problem (2021 June). Then we follow this thread - curl: (60) SSL certificate problem: unable to get local issuer certificate (@Dahomz answer) After that, when we curl example.com by - curl -v --url https://backend.example.com --cacert /etc/ssl/ssl.cert/cacert.pem, It working fine. Response like - * Rebuilt URL to: https://backend.example.com/ * Trying 127.0.0.1... * Connected to backend.example.com (127.0.0.1) port 443 (#0) * found 139 certificates in /etc/ssl/ssl.cert/cacert.pem * found 600 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ******_RSA_***_***_GCM_***** * server certificate verification OK * server certificate status verification SKIPPED * common name: *.example.com (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: OU=Domain Control Validated,OU=PositiveSSL Wildcard,CN=*.example.xyz * start date: Mon, 04 May 2019 00:00:00 GMT * expire date: Wed, 07 June 2021 23:59:59 GMT * issuer: C=GB,ST=Greater Manchester,L=Salford,O=Sectigo Limited,CN=Sectigo RSA Domain Validation Secure Server CA * compression: NULL * ALPN, server accepted to use http/1.1But when we hit from frontend.example.com to backend.example.com by curl, it throws this error - * Rebuilt URL to: https://backend.example.com/ * Trying 127.0.0.1... * Connected to backend.example.com (127.0.0.1) port 443 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/ssl.cert/cacert.pem CApath: /etc/ssl/certs * SSL connection using TLSv1.2 / *****-RSA-*****-GCM-****** * ALPN, server accepted to use http/1.1 * Server certificate: * subject: OU=Domain Control Validated; OU=PositiveSSL Wildcard; CN=*.example.com * start date: Mar 4 00:00:00 2019 GMT * expire date: Apr 7 23:59:59 2021 GMT * issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA * SSL certificate verify result: certificate has expired (10), continuing anyway.My curl code - $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://backend.example.com"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_VERBOSE, 1); curl_setopt($ch, CURLOPT_STDERR, fopen(public_path("c.log"), 'w')); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE); $output = curl_exec($ch); $error = curl_error($ch); $info = curl_getinfo($ch); curl_close($ch); |