Sql-docs: Ubuntu WSL - "curl: (60) SSL certificate problem: unable to get local issuer certificate"

Created on 19 Dec 2019  Â·  9Comments  Â·  Source: MicrosoftDocs/sql-docs

When running this command in WSL Ubuntu:

sudo curl https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -

I get the following error:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
gpg: no valid OpenPGP data found.

I have "Ubuntu" installed, not the specific versions from the Microsoft Store.

Here is the verbose output:

sudo curl -v https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add -
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 40.76.35.62...

  • TCP_NODELAY set
  • Connected to packages.microsoft.com (40.76.35.62) port 443 (#0)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: /etc/ssl/certs
    } [5 bytes data]
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
    } [512 bytes data]
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
    { [81 bytes data]
  • TLSv1.2 (IN), TLS handshake, Certificate (11):
    { [2542 bytes data]
  • TLSv1.2 (OUT), TLS alert, Server hello (2):
    } [2 bytes data]
  • SSL certificate problem: unable to get local issuer certificate
  • stopped the pause stream!
    0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
  • Closing connection 0
    curl: (60) SSL certificate problem: unable to get local issuer certificate
    More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
gpg: no valid OpenPGP data found.


Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

Pri2 assigned-to-author linutech sqprod support-request

Most helpful comment

Try setting env CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt .
Work for me.

All 9 comments

@seanwhitepc -- thank you for your feedback. You may find answers here:

I am closing this issue now. You are welcome to @ mention me for any followup.
We hope to hear from you again.

@WilliamAntonRohm : please specify what is the fix here? I too have the same issue.
@seanwhitepc : Were you able to find a fix?

For the next person who comes across this, this issue in my system was due to a firewall setting disabling internal communication in private network. After I fixed that, the error was gone.

@WilliamAntonRohm i have the same issue. On host machine curl work fine.

Here's a workaround for a similar issue. I am still (as of Nov 2020) experiencing this kind of issue with WSL and curl.

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
````
It seems as though curl can't handle the newlines (`\n`) in the cert bundle file, so I've duplicated the necessary Root CA certs at the bottom of that certificates file and simply removed the newlines, so that everything between

--- BEGIN CERTIFICATE ---


--- END CERTIFICATE ---
```
is a single line. Hope this helps others in the future.

@posters -- thank you for your followup and solutions.

@VanMSFT -- please look into this potential documentation issue.

This is not a documentation issue, and not specific to SQL Server on Linux. The issue is specific to the client sending the request. Please see https://stackoverflow.com/questions/24611640/curl-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate

@VanMSFT -- thank you for clarifying.

Try setting env CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt .
Work for me.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

0ddo picture 0ddo  Â·  4Comments

GeorgeTsiokos picture GeorgeTsiokos  Â·  4Comments

ev2900 picture ev2900  Â·  3Comments

jamesstead picture jamesstead  Â·  4Comments

samrueby picture samrueby  Â·  3Comments