Openssl Error Unable To Get Issuer Certificate Getting Chain
Contents |
Support:
Tomcat Intermediate Certificate
Order Processing Email Form Technical Support Email Form Knowledge Center Search Tips Search About Us|Legal|Contact Us|Site Map|FreeSSL Certificates tomcat ssl configuration © RapidSSL. RapidSSL is a leading certificate authority, enabling secure socket layer (SSL) encryption trusted by over 99% of browsers and customers worldwide for web site security. We specialize in fast issuance of low cost and free SSL certificates and wildcard SSL certificates. RapidSSL Certificates, RapidSSL Wildcard Certificates and FreeSSL™ Certificates.
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow comodo root certificate the company Business Learn more about hiring developers or posting ads with us Stack
How To Install Ssl Certificate In Tomcat 7
Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of
Error Unable To Get Local Issuer Certificate
6.2 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up Unable to get local issuer certificate while processing chain up vote 1 down vote favorite I do have https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO17070 private key(my_ca.key) and public key(my_cert.crt) which is signed by DigiCert. Now I want to create RA(Registration Authority) and sign it by my private key . Here is the way I tried to do that. But when I try to export private and public key as pkcs12 file I have been getting error like this unable to get local issuer certificate getting chain. No idea how to solve this. Here my_cert.crt is extended http://stackoverflow.com/questions/28870572/unable-to-get-local-issuer-certificate-while-processing-chain from DigiCert High Assurance CA-3 and that one extended from DigiCert High Assurance EV Root CA SSL_SUBJ="/C=LK/ST=Colombo/L=Colombo/O=Nope/OU=mobile/CN=My root" openssl genrsa -out ra.key 4096 openssl req -new -key ra.key -out ra.csr -subj "$SSL_SUBJ" openssl x509 -req -days 365 -in ra.csr -CA my_cert.pem -CAkey my_ca.pem - set_serial 76964474 -out ra.crt openssl rsa -in ra.key -text > ra_private.pem openssl x509 -in ra.crt -out ra_cert.pem openssl pkcs12 -export -out ca.p12 -inkey my_ca.pem -in my_cert.pem -name "cacert" -passout pass:password openssl pkcs12 -export -out ra.p12 -inkey ra_private.pem -in ra_cert.pem - chain -CAfile my_cert.pem -name "racert" -passout pass:password ssl openssl x509 pki pkcs#12 share|improve this question edited Mar 5 '15 at 20:50 jww 35.7k21112225 asked Mar 5 '15 at 5:20 GPrathap 1,00311624 add a comment| 1 Answer 1 active oldest votes up vote 2 down vote accepted You usually can't use a certificate issued by a public CA to sign anything but client or server traffic; you won't be able to use it for your RA. The error message indicates that there is a problem with the intermediate certificates. Make sure that you add both of Digicert's certificates to the my_cert.pem file before exporting it to pkcs12 share|improve this answer answered Mar 5 '15 at 5:45 Kevin Keane 770111 You mean cat DigiCert.crt my_cert.crt > my_cert.crt and than without -ch
♦ Locked 4 messages Meurer, Jerry L. (EHQ) Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate http://openssl.6102.n7.nabble.com/Create-a-p12-file-with-a-Verisign-Certificate-and-an-Verisign-Intermediate-Certificate-td15113.html ♦ ♦ Create a p12 file with a Verisign Certificate and an Verisign Intermediate Certificate Create a p12 file with a Verisign Certificate and an Verisign Intermediate Certificate I'm getting an error attempting to create a p12 file using OpenSSL. I can't seem to find anything that will lead me to a resolution. The error I'm getting is: "unable to error unable get local issuer certificate getting chain" My setup is on a Windows server using Tomcat, with Apache. Apache listening on 80, and redirects to 8080 where the application lives. What I did [hope this is not too detailed]: - 2 years ago we purchased and downloaded an SSL cert from Verisign and named it server.crt, - Downloaded the Intermediate cert (chain). error unable to - Created an additional single file with the Intermediate cert, then the SSL cert below that text (concatenated the files with the intermediate on top), saved it as separate file called cachain.crt. - Ran the command: openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name tomcat -Cafile cachain.crt -caname root -chain - This gave me the server.p12 file that is being used right now. This expires in 12 days :( Now: - I gave our midrange team (who have the account with Verisign) a copy of the server.key file from my web server (from last year), they created a cert.csr file, sent it to Verisign - Sent me back a zip file that contained a cert.arm file (not familiar with an ARM file, but the text within is the certificate) cert.csr, and the server.key file - I downloaded a new Intermediate CA (Managed PKI Standard SSL Intermediate CA.txt) and created a file called cachain.crt (concatenated the files with the intermediate on top and the certificate below). Issue: - I've been attempting to create a server.p12 file using my no