Knowledge Base: CA cert error 14090086

When making a call to IMified using curl, you may see the following error:

ERROR SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

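This error message is coming from your server, and not from IMified. It indicates that curl on your server is not properly configured to handle SSL: it cannot verify the remote server's certificate, typically because no certificate bundle is installed. Your hosting provider or server admin can resolve this for you.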

More Details

In order to operate securely, browsers and other Web clients use an encryption and identity technology called SSL. SSL has two advantages. It encrypts the data being sent between the client and the web server so that no one who intercepts it can read it. It also verifies the identity of the remote server so that you know the entity you are sending the encrypted stream to is not an imposter. Each SSL-enabled server has a document called a Certificate that contains the server's encryption keys.

To accomplish the identity portion of SSL, Certificate Authorities (CAs) are used. A CA is a company that verifies the identities of certificate holders and then digitally signs the certificates, allowing you to be certain the certificate was really issued to the person or company that it claims to be from. CAs are like notaries public for web server identity.

To verify the CA's digital signature, web clients must have a copy of the CA's signature on file to compare it against. In SSL parlance, these are called "certificate bundles" and are commonly distributed with web browsers.

Because the list of CAs and their signatures changes from time to time, the developers of curl have decided not to include a certificate bundle when you download and install curl. If you want your curl application to verify the identity of the remote server, you must install the certificate bundle yourself.

It is possible to set a flag with curl telling it not to verify the identity of the server, but as this opens a potential security hole (curl can no longer tell the real server from an imposter), this flag is not set by default. If you do not want to or are unable to install the certificate bundle, look at the libcurl documentation for your programming language to determine how to turn off verification. For example, for PHP, you can read PHP's curl documentation and look up how to set CURLOPT_SSL_VERIFYPEER.
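To keep verification on once a certificate bundle is installed, the following added example (not from the original article or from curl's own documentation) is a shell wrapper that locates a bundle and passes it to curl with --cacert. The function names, the candidate file paths and the example URL are assumptions; CURL_CA_BUNDLE is read by the curl command-line tool and SSL_CERT_FILE by OpenSSL.

```shell
#!/bin/sh
# Added example: find a CA bundle and make curl verify the server against it.

# Return 0 if $1 is a readable regular file holding at least one PEM
# certificate. This is a cheap sanity check, not a full parse of the file.
is_ca_bundle() {
    [ -f "$1" ] && [ -r "$1" ] &&
        grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Print the first usable bundle: explicit overrides first, then common
# distribution locations (assumed paths; adjust them for your system).
find_ca_bundle() {
    for candidate in \
        "${CURL_CA_BUNDLE:-}" \
        "${SSL_CERT_FILE:-}" \
        /etc/ssl/certs/ca-certificates.crt \
        /etc/pki/tls/certs/ca-bundle.crt \
        /etc/ssl/cert.pem
    do
        [ -n "$candidate" ] || continue
        if is_ca_bundle "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Run curl with verification left on, trusting only the bundle found above.
# If no bundle exists it stops with an error instead of using --insecure.
curl_verified() {
    bundle=$(find_ca_bundle) || {
        echo "no CA bundle found; install one and set CURL_CA_BUNDLE" >&2
        return 2
    }
    curl --cacert "$bundle" --fail --silent --show-error "$@"
}

# Usage (hypothetical URL): curl_verified https://service.example/api
```

If curl_verified still reports error 14090086, the bundle was found but does not contain the CA that signed the remote server's certificate.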

For more information about curl and SSL certificates, see http://curl.haxx.se/docs/sslcerts.html