Problem with curl: (35) NSS: client certificate not found (nickname not specified)

Miztra_SE

Registered
Aug 18, 2022
2
0
1
Sweden
cPanel Access Level
Root Administrator
Im trying to implement a Swish payment plugin to my site but I get this error when I try.
It is working in test mode.

  • SSL certificate problem: unable to get local issuer certificate

When I test the connection to the site

$ curl -v REDACTED
* About to connect() to REDACTED port 443 (#0)
* Trying 213.132.115.90...
* Connected to REDACTED (1.2.3.4) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* NSS: client certificate not found (nickname not specified)
* NSS error -12227 (SSL_ERROR_HANDSHAKE_FAILURE_ALERT)
* SSL peer was unable to negotiate an acceptable set of security parameters.
* Closing connection 0
curl: (35) NSS: client certificate not found (nickname not specified)

I don't know what the problem are. Have been googling for days and nothing seems to help
I have SSL Certificate from Sectigo.
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,498
1,970
363
cPanel Access Level
Root Administrator
Hey there! Have you tried visiting that site in a browser? It gives an odd SSL requirement when I checked on my end just now, even in a browser, so you may need to reach out to that remove site admin to see what the connection requirements are.
 

Miztra_SE

Registered
Aug 18, 2022
2
0
1
Sweden
cPanel Access Level
Root Administrator
Not a problem with their site.

I have gotten further but now I have a new problem >.<
curl: (60) Peer's Certificate issuer is not recognized.

curl -v -X PUT https://cpc.site.net/swish-cpcapi/api/v1/paymentrequests/123 -H "Content-Type: application/json" --cert "./swish_certificate.pem" --key "./private.key" --pass "mypassword" --cacert "./Swish_Root.pem" --data '{
"payeePaymentReference": "0123456789",
"callbackUrl": "https://example.com/api/swishcb/paymentrequests",
"payerAlias": "4671234768",
"payeeAlias": "1241181189",
"amount": "100",
"currency": "SEK",
"message": "Kingston USB Flash Drive 8 GB"
}'

* About to connect() to cpc.site.net port 443 (#0)
* Trying 213.132.115.86...
* Connected to cpc.site.net (IP REMOVED) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: ./Swish_Root.pem
CApath: none
* Server certificate:
* subject: CN=cpc.getswish.net,O=GetSwish AB,L=Stockholm,C=SE
* start date: mar 31 00:00:00 2022 GMT
* expire date: mar 31 23:59:59 2023 GMT
* common name: cpc.getswish.net
* issuer: CN=GeoTrust RSA CA 2018,OU=www.digicert.com,O=DigiCert Inc,C=US
* NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)
* Peer's Certificate issuer is not recognized.
* Closing connection 0
curl: (60) Peer's Certificate issuer is not recognized.
More details here: curl - SSL CA Certificates
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,498
1,970
363
cPanel Access Level
Root Administrator
Thanks for those additional details. This doesn't sound like it is related to cPanel, but I'm wondering if your server's packages are up-to-date. Can you try running a "yum update" to see if your operating system's ca-certificates package needs an update?