Intro
Are you, like me, vexed by this curl error:
curl: (51) SSL peer certificate or SSH remote key was not OK |
?
More details
I have many Linux systems from which to test. But I can only produce this error on some of them. It’s rather strange. I know most of the conditions which create this problem, but not all of them.
As you will see elsewhere on the Internet the error is in general produced by a DNS name/URL mismatch. The funny thing is that I always use the -k switch when running curl. This particular error occurred on some systems even with the -k switch! Now trhat’s noteworthy.
Circumstances which lead to the error
hostname in url does not match name in the certificate, e.g.,
curl -i -k https://vmanswer.com/
For me I only see the error on an older SLES 11 SP2 system. But I’m not sure how significant that is.
Additional debug info can be gleaned by adding the -v switch.
Circumstances which will not produce this error
If the URL hostname and the name on the certificate match, all is good.
If the URL uses an IP rather than a hostname all is good.
Perhaps certain implementations of curl and/or openssl will never produce this error as long as the -k switch is used??
Conclusion
The curl error curl: (51) SSL peer certificate or SSH remote key was not OK has been slightly better explained. It’s generally a hostname/certificate name mismatch and it only occurs on some curl versions.