Software⏱️ 3 min read📅 2026-06-11

How to Fix: Curl NSS error -12190 - Error in TLS handshake

NSS error -12190 occurs when there is an issue with the TLS handshake. The problem may be related to the certificate or CA file used by NSS.

Quick Answer: Check the SSL/TLS configuration and ensure that the correct certificate and CA file are being used for the specific URL. You can try updating the NSS configuration or using a different CA file to resolve the issue.

📋 Table of Contents

  1. 💡 Why You Are Getting This Error
  2. ✅ Best Solutions to Fix It
  3. 💡 Conclusion

The error 'Curl NSS error -12190' is encountered when trying to download packages from certain URLs using Putty. This issue affects users who have not properly configured their system's SSL/TLS settings, leading to a failure in the TLS handshake process.

This error can be frustrating for users as it prevents them from downloading necessary software or updates. However, with the right configuration and troubleshooting steps, this issue can be resolved.

💡 Why You Are Getting This Error

  • The primary cause of this error is an incorrect or missing CAfile in the system's SSL/TLS settings. The CAfile specifies the trusted Certificate Authorities (CAs) that are used to verify the authenticity of the server's certificate. Without a valid CAfile, the system cannot establish a secure connection with the server.
  • An alternative reason for this error is an incorrect or missing CApath setting. The CApath specifies the location of the CA certificates. If the CApath is not set correctly, the system may not be able to find the required CA certificates, leading to an error in the TLS handshake process.

✅ Best Solutions to Fix It

Configuring the CAfile and CApath

  1. Step 1: Step 1: Verify the existence of the ca-bundle.crt file in the /etc/pki/tls/certs directory. If it does not exist, obtain a copy from a trusted source and copy it to this location.
  2. Step 2: Step 2: Update the CAfile setting to point to the newly obtained ca-bundle.crt file. This can be done by editing the /etc/pki/nssdb/nsssyscfg.conf file and updating the 'CAfile' setting to '/etc/pki/tls/certs/ca-bundle.crt'.
  3. Step 3: Step 3: Restart the Putty connection or re-run the curl command to test if the error has been resolved.

Using a different CAfile or CApath

  1. Step 1: Step 1: Obtain a copy of the GoDaddy Secure Certificate Authority - G2 CA certificate and update the CAfile setting to point to this file. This can be done by editing the /etc/pki/nssdb/nsssyscfg.conf file and updating the 'CAfile' setting to '/path/to/ca-bundle.crt'.
  2. Step 2: Step 2: Restart the Putty connection or re-run the curl command to test if the error has been resolved.

💡 Conclusion

To resolve the Curl NSS error -12190, it is essential to configure the system's SSL/TLS settings correctly. By following the steps outlined above, users can ensure that their system is properly configured and able to establish a secure connection with the server. If one method does not work, try another until the issue is resolved.

Did this fix your problem?

If not, try searching for specific error codes.

🔍 Search Error Database

❓ Frequently Asked Questions

🛠️ Related Fixes

How to Fix: Pc crashes shortly after launching game (rainbow

Fix Pc crashes shortly after launching game (rainbow six siege). Compl

How to Fix: Installing an APK on a locked down phone

Installing an APK on a locked down phone: Try using a rooted device, e

How to Fix: New PC build- no signal and no clue

Fix New PC build- no signal and no clue. Complete troubleshooting guid