Curl: (77) Problem with the SSL CA cert (path? access rights?)


I use a shell script to send curl to elasticsearch. But I got this error:

curl: (77) Problem with the SSL CA cert (path? access rights?)

My curl is like:

RESPONSE=$(curl -v -s -w "%{http_code}" -o /dev/null -XDELETE -u "${USERNAME}:${PASSWORD}" --cacert "${CACERT_PATH}" "${ELASTICSEARCH_URL}/${INDEX}")

CACERT_PATH= /etc/certs/mycert.cer

  • When I disable certificate usage with -k or --insecure, it works perfect.

  • The script and elasticsearch are on the same Linux server.

The problem should be either user rights or certificate itself. Because it works without certificate check.


That needs to be a CA perhaps that is just the normal cert

Can you run just run curl with the -v and show the output

[user]$ ./
START -----> shell script
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* About to connect() to MYHOST port 9200 (#0)
*   Trying IP...
* Connected to MYHOST (IP) port 9200 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Closing connection 0
curl: (77) Problem with the SSL CA cert (path? access rights?)

Again, looks to me like you're using a normal cert not a CA..
Did you create those certs yourself?

Did you check the path information on the file?

That looks odd too.

You should try running the curl manually outside your script

Also you should look up some of the openssl commands and just check the cert something like this

openssl x509 -in /etc/certs/mycert.cer -text -noout

Finally I found out the reason.

I used .cer certificate but it did not work.
I converted it to .pem file beginning with "BEGIN CERTIFICATE" and ending with "END CERTIFICATE".
It also did not work.

I used the same pem but added at the beginning the bag attributes.

Bag Attributes
localKeyID: ...
Bag Attributes: <Empty Attributes>

and it worked fine.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.