when using curl in verbose mode, I get this error: Command:
$ curl -vvI https://www.google.com Error:
- successfully set certificate verify locations:
- CAfile: none CApath: /etc/ssl/certs
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- TLSv1.3 (IN), TLS handshake, Server hello (2):
- TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
- TLSv1.3 (IN), TLS handshake, Certificate (11):
- TLSv1.3 (OUT), TLS alert, unknown CA (560):
- SSL certificate problem: unable to get local issuer certificate
- Closing connection 0
But if I send the same command with sudo, the connection is setup successfully, so I guess it's a permission issue.
This is what I get with namei command:
$ namei -mo /etc/ssl/certs/ca-certificates.crt f: /etc/ssl/certs/ca-certificates.crt drwxr-xr-x root root / drwxr-xr-x root root etc drwxr-xr-x root root ssl drw-r--r-- root root certs ca-certificates.crt - Permission denied So I issued this command:
$ sudo chmod 755 /etc/ssl/certs/ca-certificates.crt That was executed without errors, but the output of namei command is the same.
Same thing with /etc/ssl/certs/certificate.crt
Finally, if I send this command:
$ sudo ls -l /etc/ssl/certs/ca-certificates.crt I get:
-rwxr-xr-x 1 root root 218664 lug 19 18:51 /etc/ssl/certs/ca-certificates.crt 
