The server certificate is invalid, either because it is signed by an invalid CA (internal CA, self signed,…), doesn’t match the server’s name or because it is expired. Either way, you need to find how to tell to the Python library that you are using that it must not stop at an invalid certificate if … Read more
How to solve this problem: download and extract cacert.pem following the instructions at https://curl.se/docs/caextract.html save it on your filesystem somewhere (for example, XAMPP users might use C:\xampp\php\extras\ssl\cacert.pem) in your php.ini, put this file location in the [curl] section (putting it in the [openss] section is also a good idea): openssl.cafile = “C:\xampp\php\extras\ssl\cacert.pem” restart your webserver (e.g. Apache) and PHP FPM server if applicable … Read more
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 You are using a very old version of curl. My guess is that you run into the bug described 6 years ago. Fix is to update your curl.
Does your cacerts.pem file hold a single certificate? Since it is a PEM, have a look at it (with a text editor), it should start with —–BEGIN CERTIFICATE—– and end with —–END CERTIFICATE—– Finally, to check it is not corrupted, get hold of openssl and print its details using openssl x509 -in cacerts.pem -text
Thoughts (based on pain in the past): do you have DNS and line-of-sight to the server? are you using the correct name from the certificate? is the certificate still valid? is a badly configured load balancer messing things up? does the new server machine have the clock set correctly (i.e. so that the UTC time is correct … Read more
iOS 9 and OSX 10.11 require TLSv1.2 SSL for all hosts you plan to request data from unless you specify exception domains in your app’s Info.plist file. The syntax for the Info.plist configuration looks like this: If your application (a third-party web browser, for instance) needs to connect to arbitrary hosts, you can configure it … Read more
SSL certificate is valid only for website without www I set my site with SSL certificate. It is on posidonia.ga but if I connect then Firefox shows this warning: “”Websites guarantee their identity through certificates. Firefox does not consider this site reliable as it uses a certificate that is not valid for www.posidonia.ga. The certificate … Read more
The problem appears when your server has self signed certificate. To workaround it you can add this certificate to the list of trusted certificates of your JVM. In this article author describes how to fetch the certificate from your browser and add it to cacerts file of your JVM. You can either edit JAVA_HOME/jre/lib/security/cacerts file or run you … Read more
That is a problem of security protocol. I am using TLSv1 but the host accept only TLSv1.1 and TLSv1.2 then I changed the protocol in Java with the instruction below: System.setProperty(“https.protocols”, “TLSv1.1”);
Python 2.x: docs.python.org/2/library/httplib.html: Note: HTTPS support is only available if the socket module was compiled with SSL support. Python 3.x: docs.python.org/3/library/http.client.html: Note HTTPS support is only available if Python was compiled with SSL support (through the ssl module). To verify if SSL is enabled, try: