These are the steps to install a self-signed certificate so you can avoid using the “–insecure” switch for curl and others which communicate over SSL/TLS.
For me it was necessary to communicate safe over the network with my tool written in ruby
Test environment:
- Server: debian 7 (Raspberry PI) with owncloud 9
- Client: centOS 7
HOST=rpi01
PORT=443
FILE=$HOST.pem
# Test first if you get an certificate error
curl -v -O remote.php https://$HOST/owncloud/remote.php
# Download the certificate
openssl s_client -showcerts -connect $HOST:$PORT </dev/null | openssl x509 -outform PEM > $FILE
# Install the certificate into nssdb
certutil -d sql:/etc/pki/nssdb -A -t “P,,” -n $HOST -i $FILE
# List if the certificate are inside the database
certutil -d sql:/etc/pki/nssdb -L -n $HOST
# Download the test file again.
curl -v -O remote.php https://$HOST/owncloud/remote.php
Nice solution, sadly it didn’t work for Debian (based distributions).
In Debian it’s meanwhile enough to copy CA certificates – important: with postfix .crt but not .pem named – to /usr/local/share/ca-certificates and run update-ca-certificates which symlinks the certificate into /etc/ssl/certificates and updates there the ca-certifcates.crt with own (self-signed) certificates.