Server Certificate Verification Failed

I followed these instructions to run a Cardano node successfully:

The wallet API works fine with SSL disabled:

$ curl -k https://localhost:8090/api/settings/sync/progress

However, I could not access the API using any certificate: (shunfan is my username)

$ curl --cacert /home/shunfan/cardano-sl/scripts/tls-files/ca.crt https://localhost:8090/api/settings/sync/progress
curl: (60) server certificate verification failed. CAfile: /home/shunfan/cardano-sl/scripts/tls-files/ca.crt CRLfile: none
More details here:

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

/home/shunfan/cardano-sl/scripts/tls-files/ca.crt does exist and I tried /home/shunfan/cardano-sl/state-wallet-mainnet/tls/server.cert as well. However, both of them throw the same error.

1 Like

No issue to me.

cardano-sl]$ git describe

cardano-sl]$ curl -H "Content-Type: application/json" --cacert scripts/tls-files/ca.crt https://localhost:8090/api/info

I still could not find a solution, but I will use -k to turn off the verification for now.

$ git describe

@shufan i am facing the same issue, but will figure it out soon, maybe we are missing some files

Have you tried specifying your actual IP in the connect-to-mainnet script instead of using localhost? You’ll have to adjust it in a few places.

Hi,I am a guy from China and I am a newbie for the Cardano.
I run the Cardano node withe the some intructions as the above and met the same issue with you!
I tried to add the -k in my curl command,but it only works for some get request,just like:
curl -k https://localhost:8090/api/settings/sync/progress or /api/info…
when I try the post command to create a new wallet,the command is in the below link:
curl -k -X POST https://localhost:8090/api/v1/wallets
-H “Content-Type: application/json; charset=utf-8”
-H “Accept: application/json; charset=utf-8” \
-d ‘{
“operation”: “create”,
“backupPhrase”: [“squirrel”, “material”, “silly”, “twice”, “direct”,
“slush”, “pistol”, “razor”, “become”, “junk”, “kingdom”, “flee”],
“assuranceLevel”: “normal”,
“name”: “MyFirstWallet”
unfortunately,the command return nothing!
I wanna know whether you solve the issue and Could u create the new wallet with the post command?
Thanks!Looking forward to your reply!

I have the same problem with API v1. Here is a related issue: (I saw your comments on that issue)

API v0 documentation:
API v1 documentation:

1 Like

Really appreciate your reply and patience!
Have a nice day!:grinning::grinning:

@Shunfan Hi,friend! Could I have your several minutes??
I have created some new wallet and new accounts using the v0 api with curl command!
But I failed finally when I tried to create some new addresses.
The doc link is here:
I think the part about creating the new addresses is not very clear.
I am really confused.I have tried the different curl command like below:
curl -k -X POST -H “Content-Type: application/json;charset=utf-8” -d ‘{“caId”:‘Ae2tdPwUPEZ18ZjTLnLVr9CEvUEUX4eW1LBHbxxxJgxdAYHrDeSCSbCxrvx@2329733709’}’
Neither worked!What’s wrong with the curl command??
Have you succeeded with the creating addresses with curl command??
Could u paste your curl command here?
Thanks so much!

The other curl commands I have tried:
curl -k -X POST -H “Content-Type: text/plain;charset=utf-8” -d “Ae2tdPwUPEZ18ZjTLnLVr9CEvUEUX4eW1LBHbxxxJgxdAYHrDeSCSbCxrvx@2329733709”

curl -k -X POST -H “Content-Type: application/json;charset=utf-8” -H “Accept: application/json; charset=utf-8” -d “CAccountId=Ae2tdPwUPEZ18ZjTLnLVr9CEvUEUX4eW1LBHbxxxJgxdAYHrDeSCSbCxrvx@2329733709”

Could you add -v flag (verbose mode) into your curl command and show me the response from the API?

Does your wallet have a passphrase?

Hi,friend!When I created the wallet,I didn’t set the passphrase,only set the cwBackupPhrase.
The verbose mode response is below:

Note: Unnecessary use of -X or --request, POST is already inferred.

  • Trying…
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0* Connected to ( port 8090 (#0)

  • found 148 certificates in /etc/ssl/certs/ca-certificates.crt
  • found 592 certificates in /etc/ssl/certs
  • ALPN, offering http/1.1
  • SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
  • server certificate verification SKIPPED
  • server certificate status verification SKIPPED
  • common name: localhost (does not match ‘’)
  • server certificate expiration date OK
  • server certificate activation date OK
  • certificate public key: RSA
  • certificate version: #3
  • subject: CN=localhost
  • start date: Fri, 27 Apr 2018 11:13:44 GMT
  • expire date: Mon, 24 Apr 2028 11:13:44 GMT
  • issuer: CN=localhost
  • compression: NULL
  • ALPN, server accepted to use http/1.1

POST /api/addresses HTTP/1.1
User-Agent: curl/7.47.0
Accept: /
Content-Type: application/json;charset=utf-8
Content-Length: 79

} [79 bytes data]

  • upload completely sent off: 79 out of 79 bytes
    < HTTP/1.1 400 Bad Request
    < Transfer-Encoding: chunked
    < Date: Tue, 01 May 2018 09:13:40 GMT
    < Server: Warp/3.2.13
    { [51 bytes data]

100 117 0 38 100 79 342 711 --:–:-- --:–:-- --:–:-- 718

  • Connection #0 to host left intact
    Failed reading: not a valid json value

Both commands(“caId”:…and “CAccountId”:…) return the same response.
Maybe the last sentence is import: Failed reading:not a valid json value.
But I really don’t know how to arrage the json value from the v0 api doc!