Add Self-Signed SSL Cert To cURL

In an earlier post we talked about adding a self-signed SSL certificate to Google Chrome so that you can use SSL certificates on your local development machine. This solves the problem of browsing around on your local site, but it doesn’t solve the issue of making cURL calls. For example, if your site is running BackyBuddy or anything else that involves making backend calls over SSL, you will need to add / trust your self-signed certificate for cURL. So, here’s how you do it.

On Ubuntu, all the SSL certificates are hanging out together in /usr/share/ca-certificates. If you followed my other article about adding a self-signed certificate to nginx, then your self-signed certificate is in /etc/ssl/your-certificate.crt

So symlink your self-signed certificate into /usr/share/ca-certificates like this:

sudo ln -s /etc/ssl/your-cert.crt /usr/share/ca-certificates/your-cert.crt

Next, edit the file /etc/ca-certificates.conf by adding the name of your self-signed certificate to the list. Your file will end up looking something like this:

your-cert.crt
mozilla/ACCVRAIZ1.crt
mozilla/ACEDICOM_Root.crt
mozilla/AC_Raíz_Certicámara_S.A..crt
...

Now you just need to update your certificates with this command:

$ sudo update-ca-certificates --fresh
Clearing symlinks in /etc/ssl/certs...done.
Updating certificates in /etc/ssl/certs....done.
Running hooks in /etc/ca-certificates/update.d....done.

Now you should be able to successfully use cURL on your local site over SSL. You can test it out like this:

curl https://your-local-domain.dev
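
A check to run after update-ca-certificates, as an added example that is not part of the original post: it confirms the certificate is unexpired, matches the hostname cURL will request, and verifies against the system bundle. The function names and the BUNDLE default (the bundle file Ubuntu rebuilds at /etc/ssl/certs/ca-certificates.crt) are assumptions; the certificate path and hostname are the post's placeholders.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# BUNDLE is the file update-ca-certificates rebuilds on Ubuntu (assumed default).
BUNDLE=${BUNDLE:-/etc/ssl/certs/ca-certificates.crt}

# Succeeds if $1 is a readable PEM certificate that has not expired.
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Succeeds if certificate $1 is valid for hostname $2 (SAN, or CN if no SAN).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Prints the SHA-256 fingerprint, to compare with the certificate you generated.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds if certificate $2 verifies against the trust anchors in bundle $1.
cert_trusted_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Runs all checks; return code says which one failed (1, 2 or 3).
check_local_cert() {
    cert=$1 host=$2 bundle=${3:-$BUNDLE}
    cert_is_current "$cert" ||
        { echo "FAIL: unreadable or expired: $cert"; return 1; }
    cert_covers_host "$cert" "$host" ||
        { echo "FAIL: certificate does not cover $host"; return 2; }
    cert_trusted_by "$bundle" "$cert" ||
        { echo "FAIL: certificate is not trusted by $bundle"; return 3; }
    echo "OK: $host is trusted, sha256 $(cert_fingerprint "$cert")"
}
```

After sourcing the file, run check_local_cert /etc/ssl/your-cert.crt your-local-domain.dev. For a single request, curl --cacert /etc/ssl/your-cert.crt https://your-local-domain.dev trusts the certificate for that call only and leaves the system store unchanged.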

 

2 thoughts on “Add Self-Signed SSL Cert To cURL”

  1. Thank you, that worked great for me.

  2. gronostaj says:

    /etc/ca-certificates.conf is auto-generated by dpkg-reconfigure ca-certificates and modifications would be overwritten.

    The correct method is to copy (or link) cert to /usr/local/share/ca-certificates. Then update-ca-certificates will pick it up without any additional file modifications.
