Error Unable To Get Issuer Certificate Getting Chain
Contents |
the customer the flexibility to re-use this certificate on a different webserver if needed. This error unable to get issuer certificate getting chain pkcs12 meant I used openssl to generate the certificate and then created error unable to get local issuer certificate getting chain a pkcs12 keystore. Create the private key and certificate request Create the certificate key openssl genrsa -des3 error unable to get local issuer certificate getting chain openssl -out customercert.key 2048 Remove the passphrase from the key openssl rsa -in customercert.key -out customercert.key.new mv customercert.key.new customercert.key Create the Certificate request openssl req -new -key customercert.key -out customercert.csr
Verify Error:num=20:unable To Get Local Issuer Certificate
Create the Keystore file for use with tomcat and keytool I had some trouble getting this to work. This is a very simple procedure when working with certs signed by GoDaddy, but certs from Verisign needed some extra hand-holding. There is some information on how to do this is found at http://conshell.net/wiki/index.php/OpenSSL_to_Keytool_Conversion_tips. I did not follow the error 20 at 0 depth lookup:unable to get local issuer certificate instructions on this site. I ended up creating a keystore in the pkcs12 format instead of the default jks format. This site above does have instructions for converting a pkcs12 keystore to a jks format, if you require. The signed certificate was downloaded to clients.adaptivetcr.com.cer. The Secure Site with EV Root bundle was downloaded to intermediate.crt. When I first attempted to create the keystore file, I received the error below openssl pkcs12 -export -chain -CAfile intermediate.crt -in customercert.cer \ -inkey customercert.key -out customercert.keystore -name tomcat -passout pass:changeit\ Error unable to get issuer certificate getting chain. Now the interesting thing about this error is that if you attempt a openssl verify using both cert file and intermediate.crt, it does not complain and gives the “OK” message. After a bit of testing, I found that you need to make a new CAfile to be used, that combines the cacerts file from the openssl distribution and the intermediate.crt file. cat intermediate.crt /etc/ssl/certs/ca-certificates.crt > allcacerts.crt openssl pkcs12 -export -chain -CAfile allcacerts.crt -in customercert.
here for a quick overview of the site Help Center Detailed answers to any questions you might have verify error num 20 unable to get local issuer certificate Meta Discuss the workings and policies of this site About Us
Unable To Get Local Issuer Certificate Git
Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with
Curl Unable To Get Local Issuer Certificate
us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 4.7 million programmers, just http://www.fourproc.com/2010/06/23/create-a-ssl-keystore-for-a-tomcat-server-using-openssl-.html like you, helping each other. Join them; it only takes a minute: Sign up Unable to get local issuer certificate while processing chain up vote 1 down vote favorite I do have private key(my_ca.key) and public key(my_cert.crt) which is signed by DigiCert. Now I want to create RA(Registration Authority) and sign it by my private key . http://stackoverflow.com/questions/28870572/unable-to-get-local-issuer-certificate-while-processing-chain Here is the way I tried to do that. But when I try to export private and public key as pkcs12 file I have been getting error like this unable to get local issuer certificate getting chain. No idea how to solve this. Here my_cert.crt is extended from DigiCert High Assurance CA-3 and that one extended from DigiCert High Assurance EV Root CA SSL_SUBJ="/C=LK/ST=Colombo/L=Colombo/O=Nope/OU=mobile/CN=My root" openssl genrsa -out ra.key 4096 openssl req -new -key ra.key -out ra.csr -subj "$SSL_SUBJ" openssl x509 -req -days 365 -in ra.csr -CA my_cert.pem -CAkey my_ca.pem - set_serial 76964474 -out ra.crt openssl rsa -in ra.key -text > ra_private.pem openssl x509 -in ra.crt -out ra_cert.pem openssl pkcs12 -export -out ca.p12 -inkey my_ca.pem -in my_cert.pem -name "cacert" -passout pass:password openssl pkcs12 -export -out ra.p12 -inkey ra_private.pem -in ra_cert.pem - chain -CAfile my_cert.pem -name "racert" -passout pass:password ssl openssl x509 pki pkcs#12 share|improve this question edited Mar 5 '15 at 20:50 jww 35.4k21112224 asked Mar 5 '15 at 5:20 GPrathap 95811524 add a comment| 1 Ans
Symantec Products & Services Partners Support My Account SSL Certificates Symantec™ Safe Site Code Signing Two-Factor Authentication https://knowledge.symantec.com/support/registrar-name/index?page=content&actp=CROSSLINK&id=SO17070 Risk-Based Authentication Public Key Infrastructure (PKI) Services All Products and Services I NEED TO Secure My Website Manage My Security Infrastructure Increase Consumer Confidence http://openssl.6102.n7.nabble.com/Create-a-p12-file-with-a-Verisign-Certificate-and-an-Verisign-Intermediate-Certificate-td15113.html Detect Fraud Online Digitally Sign My Code INFORMATION FOR Enterprise Small Business SSL Partner Programs Symantec™ Safe Site Partner Program Authentication Partner Programs All unable to Partner Programs PARTNER CENTRE SSL and Symantec™ Safe Site partner resources. User name: Password: Email support for login help. BECOME A PARTNER Become an SSL Partner Become a Symantec™ Safe Site Partner Become a Technical Alliance Partner Become an Authentication Services Reseller SSL Certificates Support Symantec™ Safe Site Support unable to get Code Signing Support Digital IDs for Secure Email Support Managed PKI Support All Support KNOWLEDGE CENTRE Get answers to your questions. Step 1: Select a product SSL Certificates Support Symantec™ Safe Site Support Code Signing Support Digital IDs for Secure Email Support Managed PKI Support Managed PKI for SSL Support VIP Authentication Service Support VIP Access for Mobile Identity Protection Centre Support VIP Fraud Detection Service Support Example: What is Seal-in-Search? Error: Please complete both steps. SSL Certificates Symantec™ Trust Centre Sign In Symantec™ Safe Site Symantec™ Trust Centre Sign In Code Signing Code Signing Portal for Microsoft Windows Mobile Sign In(Requires a valid Administrator ID.) Partners Symantec™ Partner Centre Sign In CHECK ORDER STATUS Enter the order number from your confirmation email. Sorry...Please supply a document ID for the article you are searching for. Contact Support Contact Authentication Services Knowledge Center
♦ Locked 4 messages Meurer, Jerry L. (EHQ) Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Create a p12 file with a Verisign Certificate and an Verisign Intermediate Certificate Create a p12 file with a Verisign Certificate and an Verisign Intermediate Certificate I'm getting an error attempting to create a p12 file using OpenSSL. I can't seem to find anything that will lead me to a resolution. The error I'm getting is: "unable to get local issuer certificate getting chain" My setup is on a Windows server using Tomcat, with Apache. Apache listening on 80, and redirects to 8080 where the application lives. What I did [hope this is not too detailed]: - 2 years ago we purchased and downloaded an SSL cert from Verisign and named it server.crt, - Downloaded the Intermediate cert (chain). - Created an additional single file with the Intermediate cert, then the SSL cert below that text (concatenated the files with the intermediate on top), saved it as separate file called cachain.crt. - Ran the command: openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name tomcat -Cafile cachain.crt -caname root -chain - This gave me the server.p12 file that is being used right now. This expires in 12 days :( Now: - I gave our midrange team (who have the account with Verisign) a copy of the server.key file from my web server (from last year), they created a cert.csr file, sent it to Verisign - Sent me back a zip file that contained a cert.arm file (not familiar with an ARM file, but the text within is the certificate) cert.csr, and the server.key file - I downloaded a new Intermediate CA (Managed PKI Standard SSL Intermediate CA.txt) and created a file called cachain.crt (concatenated the files with the intermediate on top and the certificate below). Issue: - I've been attempting to create a server.p12 file using my notes from las