Peer's cert issuer not recognized when REST through curl
search cancel

Peer's cert issuer not recognized when REST through curl


Article ID: 193571


Updated On:


CA Automic Workload Automation - Automation Engine


After setting up SSL for REST on Automic Workload Automation, when running curl commands, receive the following:

curl: (60) Peer's Certificate issuer is not recognized.

The following steps will help with this error


Release : 12.2



More details here:
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs).

If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.

If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).

If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.


1.) Get the DER .cer cert from the web browser

source curl server needs to have the .pem certificate
enter in a web browser (preferably not IE)
Click on the lock for the certificate (enter incorrect creds is fine)

Click on the "Certifcate (Valid)" option

In the Certificate window, choose "Details"

Expand down to the company cert path  *IMPORTANT: Be sure to click on the beginning of the Certification path and then choose view certificate.

Click on "View Certificate"

Go to "Details" tab

Click on "Certification Path" and then "Copy to File..."

Click Next

Choose "DER encoded binary..." and then "Next"

Choose where to save file

Finish export

2.) Add the exported cert to the server where the curl command is being issued from

3.) Convert the format of the cert file file to create a .pem file
/usr/bin/openssl x509 -inform DES -in FILE.cer -out FILE.pem –text

4.) Run a curl command to test a simple job.
/usr/bin/curl --cacert /home/srv-uc4/FILE.pem -u MR_TEST/MR_TEST -X POST -H "Content-Type: application/json" -d "{\"object_name\":\"UC4.J.TESTRUN\"}"

Expected result
"run_id" : 1921088

Troubleshooting commands:
/usr/bin/curl -v --cacert /home/srv-uc4/FILE.pem
/usr/bin/openssl s_client -showcerts -servername -connect