SSL Certificates - OS X Mavericks
--cacert
and --cert
are broken in OSX Mavericks.
You can read more about it here: https://groups.google.com/forum/#!topic/munki-dev/oX2xUnoQEi4
The workaround is here: http://curl.haxx.se/mail/archive-2013-10/0036.html which indicates that you need to import the certificate as a trusted system cert:
Import the certificate into the system ("System") or user ("login") keychain using Keychain Access and mark it as always trusted for SSL and X.509 basic policy.
In some cases will be better to use standard curl (eg if you develop on Mac code for Linux or *BSD). In this case you can do like that:
Install Homebrew
Install curl with standard certificates support (no more Keychain certs).
brew install curl --with-openssl && brew link curl --force
Install root CA certs from http://curl.haxx.se/ca/cacert.pem into /usr/local/etc/openssl/certs/cacert.pem
Add into your ~/.bash_profile
export CURL_CA_BUNDLE=/usr/local/etc/openssl/certs/cacert.pem
After 4 steps you can use curl with certificates from file, not from Keychain.