Unable to access github via curl

Question

Trying to access github using the following command fails with the verification failed error. What should I do get past this issue

C:\software\curl-7.23.1-win64-ssl-sspi>curl -i https://api.github.com

curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --  insecure) option.

score 2 · Accepted Answer · edited May 23 '17 at 12:11

With msysgit, I sometime have to specify again http.sslcainfo for msysgit to correctly pick up the right CA cert file.

 git config --system http.sslcainfo \bin/curl-ca-bundle.crt

(Also presented here and in the comments of the GitHub smart http page)
If this doesn't work:

try to specify the full path: git config --system http.sslcainfo /c/path/to/msysgit/bin/curl-ca-bundle.crt, as illustrated by this blog post:

A much easier fix is just to set http.sslcainfo to the absolute path of the curl-ca-bundle.crt file in your msysGit install’s bin folder:

$ git config --global http.sslcainfo "/c/Program Files (x86)/Git/bin/curl-ca-bundle.crt"

I chose to do this at the --global level so the setting won’t be overwritten by future msysGit installs.

other alternatives are detailed in "HTTPS github access"

score 1 · Answer 2 · answered Feb 13 '12 at 09:22

1

If you don't want to use --cacert option (why?), as suggested in text, use another suggestion about -k

>curl -i -k https://api.github.com
HTTP/1.1 302 Found
Server: nginx/1.0.4
Date: Mon, 13 Feb 2012 09:14:24 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Status: 302 Found
X-RateLimit-Limit: 5000
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Location: http://developer.github.com
X-RateLimit-Remaining: 4999
Content-Length: 0

answered Feb 13 '12 at 09:22

Lazy Badger

94,711
9
78
110

**Take care:** this options disables SSL certificate validation. --cacert is the preferred way. – Maximilian Hils Sep 18 '12 at 12:31
Using cURL for GitHUb access, makes SSL somewhat redundant. Use `-Lk` flags to also follow any re-directs. – not2qubit Jan 28 '14 at 18:20

Unable to access github via curl

2 Answers2

Linked