Hi,
The version of cURL in my z/OS system is: curl 7.52.1 (i370-ibm-openedition)
curl-config --ca returns: /u/mvsbuild/py361z/python36/etc/ssl/cacert.pem
But I can't find that directory. Instead I found cacert.pem is under /u/python/python36/etc/ssl. So I created that directory and copy cacert.pem there.
I tried 3 different ways:
1) When I issue the command without specifying --cacert and --capath, I got error
curl: (60) SSL certificate problem: self signed certificate in certificate chain
2) When I issue the command specifying --cacert and --capath, I got error
curl: (77) error setting certificate verify locations:
CAfile: cacert.pem
CApath: /u/mvsbuild/py361z/python36/etc/ssl
3) When I copy the cacert.pem file to the current directory, it works.
Questions:
1. Is there something wrong with the build process that made the cacert.pem stored in a wrong location?
2. After manually copied the cacert.pem to the desired location, why can't it be used, even specifying the location explicitly?
3. Is it a requirement that cacert.pem has to be in the current directory and it needs to be specified explicitly?
4. Is there a way to use a RACF keyring specified in the configured AT-TLS policy file that contains the CA certs instead of using the pem file?
------------------------------
Wai Choi
MS
IBM
POUGHKEEPSIE NY US
------------------------------