/etc/ssl/certs/

• /etc/ssl/certs/

/etc/ssl/certs/ca-certificates.crt

curl -v https://google.com
 * processing: https://google.com
*   Trying 142.250.181.78:443...
* Connected to google.com (142.250.181.78) port 443
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Related terms[edit]

• ca-certificates package

See also[edit]

• openssl [ rand | s_client | passwd | openssl req | openssl rsa | openssl genrsa | openssl x509 | openssl ca | openssl verify | openssl ec | openssl dgst | openssl pkcs12 | openssl asn1parse | openssl help | .cer to .pem, openssl version
• SSL: OpenSSL, LibreSSL, wolfSSL, BoringSSL, SSL pinning, /etc/ssl/certs/, ca-certificates, /etc/ssl/, sslscan2
• CA, Root Certificates, FreeIPA, PKI, OpenCA, Wildcard certificate, certtool, certbot (Let's Encrypt), certinfo (Cloudflare), ACME, Boulder, cfssl (Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN), openssl ca, Self signed certificate, CSR, keytool, ACM, KMS, aws acm, IdenTrust, multirootca, cert-manager, ca_cert_identifier