Comment 10 for bug 245634

>>>>> "Gene" == Gene Czarcinski <email address hidden> writes:

    Gene> OK, first the environment variable ... this does not work!
    Gene> export CURL_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
    Gene> set
    Gene> <deleted>
    Gene> CURL_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
    Gene> <deleted>
    Gene> bzr launchpad-login gene-czarc

    Gene> bzr: ERROR: pycurl.error: (60, 'Peer certificate cannot
    Gene> be authenticated with known CA certificates')

I'd guess launchpad uses a certificate that is used by a
Certificate Authority (CA) which is not described in
/etc/pki/tls/certs/ca-bundle.crt.

If you can connect to launchpad.net from a browser, getting the
CA should be easy, then you can check that it appears in
/etc/pki/tls/certs/ca-bundle.crt.

A work-around will then be to get that CA certificate, put it in
a file in the right format and gives *that* file path to
CURL_CA_BUNDLE.

The underlying problem being that the responsibility of
distributing the CA certificates is viewed differently between
distributions and browsers (which are the main users).