Also add the -k
parameter with your curl command to overcome this ssl error by ignoring the ssl verification.
Okta API getting started error setting cert type | Getting User Apps api call
Question
I am trying to get started with the Okta API.
The command I type in cmd is:
curl -v -H "Authorization: SSWS MyAPITokenHERE" \
-H "Accept: application/json" -H "Content-Type: application/json" \
-X GET "https://MyDomain.okta.com/api/v1/apps"
*note I formatted with backslashes at the end of line to better read.
The above command is the format according to the API documents.
C:\Users\MyAccount>curl -v -H "Authorization: SSWS MyApiToken" -H "Accept: application/json" -H "Content-Type: application/json" -X
GET "https://MyDomain.okta.com/api/v1/apps" --cert-type (SSL)
* About to connect() to mydomain.okta.com port 443 (#0)
* Trying 99.99.999.999...
* connected
* Connected to mydomain.okta.com (99.99.999.999) port 443 (#0)
* error setting certificate verify locations:
CAfile: /usr/ssl/certs/ca-bundle.crt
CApath: none
* Closing connection #0
curl: (77) error setting certificate verify locations:
CAfile: /usr/ssl/certs/ca-bundle.crt
CApath: none
I have tried setting the certification type to SSL but that did not fix it. I am currently going through documentation and stackoverflow questions but with no luck.
I would appreciate it if someone can explain the reasoning behind this & help me figure out what I need to do? Thank you in advance.
Okta API Documentation https://github.com/okta/api/blob/master/docs/getting_started/design_principles.md
CURL Documentation http://curl.haxx.se/docs/manpage.html
Update I have added the optional parameter [-k] to suppress the SSL check but still would like to know what the problem could is
curl -v -H "Authorization: SSWS MyAPITokenHERE" \
-H "Accept: application/json" -H "Content-Type: application/json" \
-X GET "https://MyDomain.okta.com/api/v1/apps" -k
Solution
OTHER TIPS
Curl needs to know/trust the certificate used to sign the certificate from Okta. As you are using curl, this certificate should be in the file /usr/ssl/certs/ca-bundle.crt
(and this file needs to be readable by the user which is running the curl command). You can download a current copy of the bundle (which includes the cert you need) from the Curl Cert Authority Bundle webpage.