How to add a trusted certification authority on Linux so curl did not swear?

Yandex in one API is written literally the following:

You must download the certification chain (the certificates of certification authorities NBCO and NBCO Root YM YM Int) at crls.yamoney.ru/ymca.p7b and add them to the list of trusted root and intermediate CA IN your.


What exactly should I do with this file ymca.p7b on your Linux, to CURL not cursed?

At the moment I tried to specify the file option curl

curl --verbose \
 --cert "yandex-generated-cer.cer" \
 --key "my-private.key" \
 --cacert "ymca.p7b" \
 --pass "my-pryvate-key-pws" \
 https://penelope-demo.yamoney.EN:8083/webservice/mws/api/listOrders


Error: curl: (77) error setting certificate verify locations

I suspect that the wrong file use the ymca.p7b.
July 9th 19 at 11:19
2 answers
July 9th 19 at 11:21
Solution
In ymca.p7b lies the chain of certification. This means that there are several certificates and need to glue them:

openssl pkcs7 -inform DER-outform PEM -in ymca.p7b -print_certs > ymca.crt

www.openssl.org/docs/apps/pkcs7.html

Now, it is necessary to install them in the system:

sudo mkdir /usr/share/ca-certificates/extra
sudo cp ymca.crt /usr/share/ca-certificates/extra/ymca.crt
sudo dpkg-reconfigure ca-certificates

askubuntu.com/questions/73287/how-do-i-install-a-r...

In fact, then in /etc/ssl/certs/ should appear the ymca.pem and one of API Yandex should work.
July 9th 19 at 11:23
c.setopt(pycurl.SSL_VERIFYPEER, 0)
c.setopt(pycurl.SSL_VERIFYHOST, 0)
c.setopt(pycurl.SSLCERT, 'd:/crt.pem')
c.setopt(pycurl.SSLKEY, 'd:/key.pem')
c.setopt(pycurl.SSLCERTPASSWD, 'Somepass')
c.setopt(pycurl.SSLKEYPASSWD, 'Somepass')


of course, p7b to pem need to do

Find more questions by tags Web Development