How to add a trusted certification authority on Linux so curl did not swear?

Yandex in one API is written literally the following:

You must download the certification chain (the certificates of certification authorities NBCO and NBCO Root YM YM Int) at and add them to the list of trusted root and intermediate CA IN your.

What exactly should I do with this file ymca.p7b on your Linux, to CURL not cursed?

At the moment I tried to specify the file option curl

curl --verbose \
 --cert "yandex-generated-cer.cer" \
 --key "my-private.key" \
 --cacert "ymca.p7b" \
 --pass "my-pryvate-key-pws" \

Error: curl: (77) error setting certificate verify locations

I suspect that the wrong file use the ymca.p7b.
July 9th 19 at 11:19
2 answers
July 9th 19 at 11:21
In ymca.p7b lies the chain of certification. This means that there are several certificates and need to glue them:

openssl pkcs7 -inform DER-outform PEM -in ymca.p7b -print_certs > ymca.crt

Now, it is necessary to install them in the system:

sudo mkdir /usr/share/ca-certificates/extra
sudo cp ymca.crt /usr/share/ca-certificates/extra/ymca.crt
sudo dpkg-reconfigure ca-certificates

In fact, then in /etc/ssl/certs/ should appear the ymca.pem and one of API Yandex should work.
July 9th 19 at 11:23
c.setopt(pycurl.SSL_VERIFYPEER, 0)
c.setopt(pycurl.SSL_VERIFYHOST, 0)
c.setopt(pycurl.SSLCERT, 'd:/crt.pem')
c.setopt(pycurl.SSLKEY, 'd:/key.pem')
c.setopt(pycurl.SSLCERTPASSWD, 'Somepass')
c.setopt(pycurl.SSLKEYPASSWD, 'Somepass')

of course, p7b to pem need to do

Find more questions by tags Web Development