# curl -V
curl 7.21.7 (x86_64-redhat-linux-gnu) libcurl/7.21.7 NSS/3.12.10.0 zlib/1.2.3 libidn/0.6.5 libssh2/1.2.7
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz 

# curl -v https://secure.authorize.net/gateway/transact.dll
* About to connect() to secure.authorize.net port 443 (#0)
*   Trying 64.94.118.32... connected
* Connected to secure.authorize.net (64.94.118.32) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* Unable to initialize NSS database
* Initializing NSS with certpath: none
* WARNING: failed to load NSS PEM library libnsspem.so. Using OpenSSL PEM certificates will not work.
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Peer's certificate issuer is not recognized: 'CN=Entrust Certification Authority - L1E,OU="(c) 2009 Entrust, Inc.",OU=www.entrust.net/rpa is incorporated by reference,O="Entrust, Inc.",C=US'
* NSS error -8049
* Closing connection #0
* Peer certificate cannot be authenticated with given CA certificates
curl: (60) Peer certificate cannot be authenticated with given CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.