[Solved] HTTP GET using cURL is giving SSL error

I have written a REST server which listens on port 8000. I am trying to invoke the api from the same machine using the cURL command –

curl -H "accept: application/json" https://localhost:8000/status -v

I am getting the following error

* About to connect() to localhost port 8000 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 8000 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* NSS error -12263 (SSL_ERROR_RX_RECORD_TOO_LONG)
* SSL received a record that exceeded the maximum permissible length.
* Closing connection 0
curl: (35) SSL received a record that exceeded the maximum permissible length.

I have tried bypassing the certificate verification using -k option but to no avail. What am I missing here? Please comment if any more info is required.

EDIT:
My friend suggested to try with only http in the cURL command. Then it bypassed SSL check and it worked. But whats going wrong with https? Do I need to install certificate for localhost also? Also, why didn’t -k option work?

Enquirer: aniztar

||

Solution #1:

My friend suggested to try with only http in the cURL command. Then it bypassed SSL check and it worked.

It looks like that your server has not SSL enabled at all. That’s why HTTP worked and HTTPS did not. Using HTTP did not bypass any SSL check because there is no SSL with HTTP and thus no SSL check to bypass.

Also, why didn’t -k option work?

The -k option is used to skip certificate validation on SSL (HTTPS) connections. But it can only work if there is a SSL connection in the first place. Since your server does not support SSL at all -k will not help.

Do I need to install certificate for localhost also?

You need to first enable SSL on your (unknown) server. If your coded your own server then this means additional coding. And, once the server can do SSL at all you also need to setup a certificate which the server can provide to the client.

Respondent: aniztar

Solution #2:

In my case, I had to check my vhost configuration.
Things I had to do is defining a specific name-based vhost for the domain.

Maybe, someone just wants a quick test first and doesn’t want to configure a vhost, then they will encounter this error message.

Respondent: Steffen Ullrich

The answers/resolutions are collected from stackoverflow, are licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0 .

Leave a Reply

Your email address will not be published.