SSL certification issue registering against local SMT


While trying to register a client to a local SMT server with, I’m getting a ‘curl’ error and server don’t register. I’ve read the issue may be related to expiration of certificates, but can’t find for sure how to get this solved so we can start updating the server

Here’s the output on registration: https://patchsrv01/center/regsvc/ --regcert http://patchsrv01/smt.crt

Version: 3 (0x2)
Serial Number:
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, CN=YaST Default CA (srv-parche)/
Not Before: Sep 24 17:45:41 2009 GMT
Not After : Sep 22 17:45:41 2019 GMT
Subject: C=US, CN=YaST Default CA (srv-parche)/
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
Netscape Comment:
YaST Generated CA Certificate
Netscape Cert Type:
X509v3 Key Usage:
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:

        X509v3 Authority Key Identifier: 
            DirName:/C=US/CN=YaST Default CA (srv-parche)/

        X509v3 Subject Alternative Name: 
        X509v3 Issuer Alternative Name: 
Signature Algorithm: sha1WithRSAEncryption

Do you accept this certificate? [y/n] y
Client setup finished.
Start the registration now? [y/n] y
/usr/bin/suse_register -i -L /root/.suse_register.log
Execute curl command failed with ‘60’:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here:

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). The default
bundle is named curl-ca-bundle.crt; you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.

Thanks in advance

isgleas wrote:

While trying to register a client to a local SMT server with, I’m getting a ‘curl’ error and server don’t

I would suggest you look at the Knowledgebase.

Here are two documents that deal with curl 60 errors.

Kevin Boyle - Knowledge Partner
If you find this post helpful and are using the web interface,
show your appreciation and click on the star below…