And how to fix it…
Just got a fresh install from work. I open things up and try to install homebrew. I get the following error:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). The default bundle is named curl-ca-bundle.crt; you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
So, the first thing I try to do is update my certs with safari. Basically, there’s a trick where you can visit a secure url in safari and if the cert is not added/trusted yet, safari will handle everything for you. Just visit the url, trust the cert in safari and it will take care of adding it to your certificates, root CA and all. Super simple, rather than copying and manually installing with http://curl.haxx.se/ca/cacert.pem
When I visit the page, safari acts like everthing is ok. This got me wondering…what’s in my $PATH?
I see that I have “:/XAMPP/xamppfiles/bin:” which might not be what I want. Then where am I executing curl from?
There it is! My system is executing curl from within the XAMPP installation, which ships with an outdated set of ssl certs. So where is this being added to the path?
I had added a line “export $PATH:/XAMPP/xamppfiles/bin” for some reason. I removed it, restart terminal and run “which curl” again to see that now my system goes to the right place for curl (/usr/bin/curl).