Default CA Cert Bundle Location
strace might give you a clue.
strace curl https://www.google.com |& grep open
Lots of output, but right near the end I see:
open("/etc/ssl/certs/578d5c04.0", O_RDONLY) = 4
/etc/ssl/certs/ is where my certificates are stored.
There should be a program 'curl-config' in curl's 'bin/', i.e. where the 'curl' binary resides.
gives the ca bundle install path.
I just did a whatis curl-config: "Get information about a libcurl installation" so I guess it will only be available if libcurl was installed, which I presume is standard though.
I found an easy way: use the
--cacert with a wrong file name, the output will show the path.
~$ curl --cacert non_existing_file https://www.google.com curl: (77) error setting certificate verify locations: CAfile: non_existing_file CApath: /etc/ssl/certs
-v with https in the URL.
$ curl -v https://google.com * Rebuilt URL to: https://google.com/ * timeout on name lookup is not supported * Trying 188.8.131.52... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to google.com (184.108.40.206) port 443 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * *CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt*
Linux (Ubuntu, Debian)
Copy your CA to dir /usr/local/share/ca-certificates/
sudo cp foo.crt /usr/local/share/ca-certificates/foo.crt
Update the CA store
Remove your CA and update the CA store:
sudo update-ca-certificates --fresh
Linux (CentOs 6)
Install the ca-certificates package:
yum install ca-certificates
Enable the dynamic CA configuration feature: update-ca-trust force-enable
Add it as a new file to
cp foo.crt /etc/pki/ca-trust/source/anchors/ update-ca-trust extract
Linux (CentOs 5)
Append your trusted certificate to file
cat foo.crt >>/etc/pki/tls/certs/ca-bundle.crt
https://manuals.gfi.com/en/kerio/connect/content/server-configuration/ssl-certificates/adding-trusted-root-certificates-to-the-server-1605.html very nice link, which explains, how to add it to several popular OS.