RCurl and self-signed certificate issues

Published 2019-04-26 19:10

Question:

I am having problems getting RCurl function getURL to access an HTTPS URL on a server that is using a self-signed certificate. I'm running R 3.0.2 on Mac OS X 10.9.2.

I have read the FAQ and the curl page on the subject. So this is where I stand:

  1. I have saved a copy of the certificate to disk (~/cert.pem).
  2. I have been able to use this very same file to connect to the server using python-requests and the 'verify' option, and succeeded.
  3. curl on the command-line seems to be ignoring the --cacert option. I succeeded in accessing the website with it after I flagged the certificate as trusted using the Mac OS X 'Keychain Access' app.
  4. RCurl stubbornly refuses to connect to the website with the following code:

    library(RCurl)
    getURL("https://somesite.tld", verbose=TRUE, cainfo=normalizePath("~/cert.pem"))

This is the output I get:

    * Adding handle: conn: 0x7f92771b0400
    * Adding handle: send: 0
    * Adding handle: recv: 0
    * Curl_addHandleToPipeline: length: 1
    * - Conn 38 (0x7f92771b0400) send_pipe: 1, recv_pipe: 0
    * About to connect() to somesite.tld port 443 (#38)
    *   Trying 42.42.42.42...
    * Connected to somesite.tld (42.42.42.42) port 443 (#38)
    * SSL certificate problem: Invalid certificate chain
    * Closing connection 38

When I tested both curl with the --cacert option and the RCurl code above in a Linux VM with the same cert.pem file and exact same URL, it worked perfectly.

So equal tests on Linux and Mac OS X, and only on Mac OS X do they fail. Even adding the certificate to the keychain didn't work.

The only thing that does work is using ssl.verifypeer=FALSE, but I don't want to do that for security reasons.

I'm out of ideas here. Anyone else have any suggestions on how to get this to work?

Answer 1:

You can try:

    library("RCurl")
    URL1 <- "https://data.mexbt.com/ticker/btcusd"
    # Verify the server against the CA bundle that ships with the RCurl package
    getURL(URL1, cainfo=system.file("CurlSSL", "cacert.pem", package="RCurl"))


Answer 2:

Coming back to this issue I just wanted to point out that if you are still using RCurl, you should be using httr (which uses curl) instead.

I have confirmed that using config(cainfo="/path/to/certificate") with httr connections will work as intended.
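
As an added example (not part of either answer, and not code from the httr project): a small wrapper around the `config(cainfo = ...)` approach from Answer 2 that checks the PEM file, reports libcurl's TLS backend so the Linux and Mac OS X results can be compared, and keeps verification enabled. The function name `get_with_pinned_ca` is hypothetical; the URL and certificate path are the placeholders from the question.

```r
# Added example: verified HTTPS request to a server with a self-signed
# certificate, trusting only the saved PEM file.
# get_with_pinned_ca is a hypothetical helper name, not an httr function.
library(httr)

get_with_pinned_ca <- function(url, ca_file) {
  # Resolve "~" and stop early if the file does not exist.
  ca_file <- normalizePath(ca_file, mustWork = TRUE)

  # A usable CA file must contain at least one PEM certificate block.
  pem <- readLines(ca_file, warn = FALSE)
  if (!any(grepl("-----BEGIN CERTIFICATE-----", pem, fixed = TRUE))) {
    stop("No PEM certificate found in ", ca_file, call. = FALSE)
  }

  # Report which libcurl build and TLS backend this R session uses, so that
  # output from different machines can be compared side by side.
  v <- curl::curl_version()
  message("libcurl ", v$version, ", TLS backend: ", v$ssl_version)

  # Peer and host verification stay on; only the trust anchor is replaced.
  # There is deliberately no fallback to ssl.verifypeer = FALSE.
  tryCatch(
    GET(url, config(cainfo = ca_file, ssl_verifypeer = 1L, ssl_verifyhost = 2L)),
    error = function(e) {
      stop("TLS verification or connection failed for ", url, ": ",
           conditionMessage(e), call. = FALSE)
    }
  )
}

# Placeholder URL and certificate path taken from the question.
resp <- get_with_pinned_ca("https://somesite.tld", "~/cert.pem")
status_code(resp)
```

If the request fails, the error message together with the reported TLS backend is the information to compare between the working and the failing machine.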