SSL Certificates - OS X Mavericks

curl's --cacert and --cert options are broken in OS X Mavericks.

You can read more about it here: https://groups.google.com/forum/#!topic/munki-dev/oX2xUnoQEi4

The workaround is here: http://curl.haxx.se/mail/archive-2013-10/0036.html which indicates that you need to import the certificate as a trusted system cert:

Import the certificate into the system ("System") or user ("login") keychain using Keychain Access and mark it as always trusted for SSL and X.509 basic policy.


In some cases it is better to use standard curl (e.g. if you develop code on a Mac for Linux or *BSD). In that case, do the following:

  1. Install Homebrew

  2. Install curl with standard certificate support (no more Keychain certs).

    brew install curl --with-openssl && brew link curl --force

  3. Install root CA certs from http://curl.haxx.se/ca/cacert.pem into /usr/local/etc/openssl/certs/cacert.pem

  4. Add this to your ~/.bash_profile:

    export CURL_CA_BUNDLE=/usr/local/etc/openssl/certs/cacert.pem

  5. After these 4 steps, curl uses certificates from the file, not from the Keychain.
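
A quick check that the steps above took effect, as an added example (not from the original page): it classifies the TLS backend reported by `curl --version` and confirms the CA bundle file actually contains certificates. The function names are hypothetical and the two sample version lines are constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample lines are constructed.
SAMPLE_APPLE='curl 7.30.0 (x86_64-apple-darwin13.0) libcurl/7.30.0 SecureTransport zlib/1.2.5'
SAMPLE_BREW='curl 7.33.0 (x86_64-apple-darwin13.0.0) libcurl/7.33.0 OpenSSL/1.0.1e zlib/1.2.5'

# Classify the TLS backend named in the first line of `curl --version`.
tls_backend() {
    case "$1" in
        *SecureTransport*) echo securetransport ;;
        *OpenSSL/*)        echo openssl ;;
        *)                 echo unknown ;;
    esac
}

# Count PEM certificates in a bundle; prints 0 for a missing or unreadable file.
count_pem_certs() {
    { [ -f "$1" ] && [ -r "$1" ]; } || { echo 0; return 0; }
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true
}

# $1 = first line of `curl --version`, $2 = CA bundle path.
# Succeeds only for an OpenSSL build paired with a non-empty bundle.
check_setup() {
    backend=$(tls_backend "$1")
    certs=$(count_pem_certs "$2")
    if [ "$backend" = securetransport ]; then
        echo "FAIL: SecureTransport build (Keychain trust); is the Homebrew curl first in PATH?"
        return 1
    elif [ "$backend" != openssl ]; then
        echo "FAIL: unrecognised TLS backend in: $1"
        return 1
    elif [ "$certs" -eq 0 ]; then
        echo "FAIL: no certificates found in $2"
        return 1
    fi
    echo "OK: OpenSSL build, $certs certificates in $2"
}

# Show how the two constructed sample lines are classified.
for line in "$SAMPLE_APPLE" "$SAMPLE_BREW"; do
    echo "$(tls_backend "$line"): $line"
done

# Check the curl found in PATH, falling back to the constructed Apple sample.
live=$(curl --version 2>/dev/null | head -n 1)
check_setup "${live:-$SAMPLE_APPLE}" \
    "${CURL_CA_BUNDLE:-/usr/local/etc/openssl/certs/cacert.pem}" || true
```

Run it in a new shell after editing ~/.bash_profile so that both PATH and CURL_CA_BUNDLE reflect the new setup.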