3

In the example of doc/html/boost_asio/example/cpp03/ssl/client.cpp - 1.58.0, it loads a file named ca.pem, but where can I download it? I've tried to export one from Firefox, and also tried to use the one in my system such as /usr/share/ca-certificates/mozilla/GeoTrust_Global_CA.crt, but the example program only returns message

Verifying /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
Handshake failed: certificate verify failed

Any suggestion? Thanks a lot.

Tanner Sansbury
  • 51,153
  • 9
  • 112
  • 169
Cody
  • 609
  • 4
  • 21
  • You never actually told us what you want to achieve. You just asked "Where can I download a ca.pem" - apparently you needed +a specific authority+ – sehe Jul 07 '15 at 08:01

2 Answers2

6

You can use Mozilla certificate pack converted to PEM format by the authors of cURL library. You can download it from cURL site.

I tried to run this boost.asio example using this pack and it ran successfully.

Alexander Shishenko
  • 940
  • 1
  • 11
  • 28
1

It's in the library source tree:

libs/asio/example/cpp03/ssl/server.pem
libs/asio/example/cpp03/ssl/dh512.pem
libs/asio/example/cpp03/ssl/ca.pem
sehe
  • 374,641
  • 47
  • 450
  • 633
  • Thanks for the reply. I found it and tried it yesterday, and still got the same failure. The command line I used is `./a.out www.google.com https`. Maybe the ca.pem file can only be used to check the connection with the demo server. I know little about OpenSSL. Maybe I shall learn OpenSSL first. – Cody Jul 04 '15 at 00:48
  • 1
    Yes, it is totally a demo file. – Alexander Shishenko Jul 06 '15 at 18:52
  • 1
    @Cody you should use a certificate signed by a trusted CA (certificate authority) or otherwise the verification will reflect that the certificate is not trusted. You can _buy_ certificates (requiring some paperwork to apply for the trust) or you can generate certificates yourself and/or add the issuer (the signing CA) to your own list of trusted CAs. – sehe Jul 06 '15 at 22:13
  • 1
    You might find a search on [SU] informative ([e.g.](http://superuser.com/search?tab=votes&q=trusted%20certificate)) or just head to [Wikipedia](https://en.wikipedia.org/wiki/Public_key_infrastructure) – sehe Jul 06 '15 at 22:15