08.01.2019


Docker for mac self signed certificate in certificate chain template

So since the Mavericks upgrade, curl has more issues with certificates. When trying to curl a file from my web server with its self-signed certificate, I was getting the error 'SSL Certificate: Invalid certificate chain'.

This was corrected by adding the certificate to my system keychain and setting it to always allow SSL, information I found. This works fine, and when I curl a file it downloads properly. However, if I run curl with sudo (e.g. I have a script which needs to be run with sudo and does a curl in it), then I'm back to the same error message.


I'm guessing that root doesn't read from the system keychain, perhaps? Does anyone know a way to fix this?

If you store your CA certificates on the filesystem (in PEM format) you can tell curl to use them with sudo curl --cacert /path/to/cacert.pem. You can also turn off the certificate verification with sudo curl --insecure.

Edit: Updated with regard to feedback. If you want to set this permanently, you should create a .curlrc file and place it in your home directory. Sudo commands may need this file in /var/root. The file takes the same options as the command line but without the dashes.

One option per line: cacert=/path/to/my/certs.pem

Root doesn't read from the current user's trust settings, but there are both admin trust settings and root-user-specific trust settings. (These are also distinct from the system trust settings.) Note, also, that certificate trust settings are somewhat distinct from just adding a certificate to a keychain; you can mark a cert as trusted without fully adding it. (The exact situation here is not clear to me, and the docs I've seen are vague.)

You can mark a cert as trusted for your current user as

$ security add-trusted-cert /path/to/cert.pem

but that doesn't help with root. The solution, as you might now guess, is either to sudo the above, which then marks it as trusted for the root user specifically:

$ sudo security add-trusted-cert /path/to/cert.pem

or to use the -d flag to add it to the admin trust settings:

$ security add-trusted-cert -d /path/to/cert.pem

(OS X will pop up a password dialog to confirm this one.) Either of the latter two seems to be sufficient for sudo curl.

Did you actually try what I suggested? I tested it, in exactly the situation you describe, and it worked.

I'm not clear on all the details -- documentation is vague -- but you should know that certificate trust settings are NOT quite synonymous with just adding the cert to a keychain, and that the admin cert trust settings exist separately from both system and user settings/keychains. (There also seems to be a root-user-specific set of user settings in the mix.) I've edited my answer to be clearer on this point. Please, try this solution. – Mar 8 '14 at 19:52

If you use MacPorts (and the 3rd-party script you mentioned doesn't remove it from $PATH or call /usr/bin/curl explicitly), you can install the certsync and curl ports, in this order. certsync is a tool and a corresponding launchd plist that will export your system keychain to $prefix/etc/openssl/cert.pem and install a symlink $prefix/share/curl/curl-ca-bundle.crt -> $prefix/etc/openssl/cert.pem, so MacPorts curl will automatically pick up the certificates. certsync will also automatically update the generated files when you change your system keychain.
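The following script is an added example for this thread and is not code from the question or from any of the answers above. It puts the three answers' approaches together: the --cacert / .curlrc answer (a PEM bundle plus a cacert= line written for the invoking user's home and for root's home, so sudo curl finds it too, with any insecure line stripped so verification is never silently switched off), the security add-trusted-cert -d answer (admin trust settings, run only on macOS), and the certsync answer (a one-shot export of a keychain to a PEM bundle, which is what certsync automates). Assumptions, all illustrative: root's home is /var/root on macOS and /root elsewhere; the demo at the bottom uses a throwaway directory as a stand-in for both homes and a self-signed certificate generated there with openssl as constructed test data; the suggested real bundle path /usr/local/etc/self-signed-ca.pem is only a suggestion.

```shell
#!/bin/sh
# Added example (not from the thread). Two ways to make "sudo curl" trust a
# self-signed server certificate: a .curlrc pointing at a PEM bundle for both
# the user and root, or (macOS only) the admin keychain trust settings.
# Assumed: root's home is /var/root on Darwin, /root elsewhere.
set -eu

# root_home: the HOME root's curl sees under sudo, i.e. where its .curlrc goes.
root_home() {
  case "$(uname -s)" in
    Darwin) printf '%s\n' /var/root ;;
    *)      printf '%s\n' /root ;;
  esac
}

# curlrc_path HOME: the rc file curl reads for that home directory.
curlrc_path() { printf '%s/.curlrc\n' "$1"; }

# bundle_looks_like_pem FILE: true if at least one PEM certificate block is present.
bundle_looks_like_pem() {
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
  grep -q -- '-----END CERTIFICATE-----' "$1" 2>/dev/null
}

# write_curlrc RCFILE BUNDLE: set cacert= in RCFILE. Other options are kept,
# but any previous cacert line and any insecure/-k line are dropped, so the
# file can never both pin a bundle and disable verification.
write_curlrc() {
  rc=$1; bundle=$2
  bundle_looks_like_pem "$bundle" || { echo "not a PEM bundle: $bundle" >&2; return 1; }
  tmp=$(mktemp)
  if [ -f "$rc" ]; then
    grep -v -E '^(--)?cacert[=: ]|^(-k|(--)?insecure)[[:space:]]*$' "$rc" > "$tmp" || true
  fi
  printf 'cacert=%s\n' "$bundle" >> "$tmp"
  mv "$tmp" "$rc"
}

# install_curl_trust SRC DEST HOME...: copy SRC to DEST (world-readable, since
# root and the user both read it) and point the .curlrc of every HOME at it.
install_curl_trust() {
  src=$1; dest=$2; shift 2
  cp "$src" "$dest"
  chmod 644 "$dest"
  for h in "$@"; do
    mkdir -p "$h"
    write_curlrc "$(curlrc_path "$h")" "$dest"
  done
}

# verify_with_bundle CERT BUNDLE: the check curl performs with --cacert, via openssl.
verify_with_bundle() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# trust_in_keychain CERT (macOS only): -d writes the admin trust settings, which
# root honours; the user-only default does not help "sudo curl". trustRoot is
# the right result type for a self-signed cert. Prompts for an admin password.
trust_in_keychain() {
  [ "$(uname -s)" = Darwin ] || { echo "keychain trust is macOS-only" >&2; return 1; }
  security add-trusted-cert -d -r trustRoot "$1"
}

# export_keychain_pem KEYCHAIN OUT (macOS only): dump every certificate in
# KEYCHAIN as PEM, a manual one-shot version of what certsync automates.
export_keychain_pem() {
  [ "$(uname -s)" = Darwin ] || { echo "keychain export is macOS-only" >&2; return 1; }
  security find-certificate -a -p "$1" > "$2"
}

# ---- demo in a throwaway directory (stand-in for $HOME and for root's home)
work=$(mktemp -d)
if command -v openssl >/dev/null 2>&1; then
  # constructed test data: a self-signed cert like the one in the question
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=localhost' \
    -keyout "$work/key.pem" -out "$work/server.pem" >/dev/null 2>&1
  if openssl verify "$work/server.pem" >/dev/null 2>&1; then
    echo "unexpected: self-signed cert verified without a trust anchor"
  else
    echo "without a bundle: rejected (curl reports an invalid certificate chain)"
  fi
  install_curl_trust "$work/server.pem" "$work/bundle.pem" "$work/home" "$work/roothome"
  verify_with_bundle "$work/server.pem" "$work/bundle.pem" && echo "with cacert bundle: OK"
  echo "wrote $(curlrc_path "$work/home") and $(curlrc_path "$work/roothome")"
  echo 'real use: install_curl_trust server.pem /usr/local/etc/self-signed-ca.pem "$HOME" "$(root_home)"'
fi
```

For real use run the install_curl_trust line printed at the end under sudo, so the copy into /usr/local/etc and the write to root's .curlrc both succeed; the user's .curlrc is then owned by root, which is harmless for curl. On macOS the trust_in_keychain path is the alternative when the bundle should be honoured by more than curl.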