Hello,
I am trying to access a site using the PHP cURL and I encountered a problem. The server is providing me an expired intermediate certificate.
The server's certificate chain looks like:
- Root certificate (/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority)
- Intermediate certificate (/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign)
- Server certificate
Using
openssl s_client -connect http://WWW.CLERK-17TH-FLCOURTS.ORG:443 -CAfile D:\Work2\ie_verisign_c3.pem -showcerts
I was able to see the two certificates sent by the server and that the problem is the intermediate certificate has expired (in 2004).
Also 2 browsers, Firefox and Opera are warning about a problem with the server certificates. Opera states clearly that the server is sending an expired certificate. IE behaved the best and it seams to me that it downloaded (or used its own) valid intermediate certificate instead of the expired one. It was able to verify the server certificate.
So, I exported the IE intermediate and root certificate, which are both valid and tried to use them. But it appears that openssl doesn't look at my intermediate certificate, and it uses only the server's one.
The question is, how can I tell openssl and/or libcurl to ignore the server's intermediate certificate and use my own?
Thank you very much,
Constantin Nita
How to ignore server's intermediate certificate?
Moderator: General Moderators
If you want to skip validation :
Code: Select all
curl_setopt ($handle, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($handle, CURLOPT_SSL_VERIFYHOST, 0);