Error Unable To Get Local Issuer Certificate Getting Chain. Pkcs12
Contents |
the customer the flexibility to re-use this certificate on a different openssl pkcs12 error unable to get local issuer certificate getting chain webserver if needed. This meant I used openssl to generate
Ssl Error Unable To Get Local Issuer Certificate
the certificate and then created a pkcs12 keystore. Create the private key and certificate request Create
Error 20 Unable To Get Local Issuer Certificate
the certificate key openssl genrsa -des3 -out customercert.key 2048 Remove the passphrase from the key openssl rsa -in customercert.key -out customercert.key.new mv customercert.key.new customercert.key Create the
Openssl Unable To Get Issuer Certificate Getting Chain
Certificate request openssl req -new -key customercert.key -out customercert.csr Create the Keystore file for use with tomcat and keytool I had some trouble getting this to work. This is a very simple procedure when working with certs signed by GoDaddy, but certs from Verisign needed some extra hand-holding. There is some information on unable to get local issuer certificate openssl how to do this is found at http://conshell.net/wiki/index.php/OpenSSL_to_Keytool_Conversion_tips. I did not follow the instructions on this site. I ended up creating a keystore in the pkcs12 format instead of the default jks format. This site above does have instructions for converting a pkcs12 keystore to a jks format, if you require. The signed certificate was downloaded to clients.adaptivetcr.com.cer. The Secure Site with EV Root bundle was downloaded to intermediate.crt. When I first attempted to create the keystore file, I received the error below openssl pkcs12 -export -chain -CAfile intermediate.crt -in customercert.cer \ -inkey customercert.key -out customercert.keystore -name tomcat -passout pass:changeit\ Error unable to get issuer certificate getting chain. Now the interesting thing about this error is that if you attempt a openssl verify using both cert file and intermediate.crt, it does not complain and gives the “OK” message. After a bit of testing, I found that you need to make a new CAfile to be u
James Chase-4 Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ issue with p12 openssl pkcs12 chain creation and network solutions EV SSL I have done this multiple years verify error:num=20:unable to get local issuer certificate in a row with the exact same process but now I get the following error when I try error 20 at 0 depth lookup:unable to get local issuer certificate to create my SSL: openssl pkcs12 -export -chain -CAfile cachain.crt -out my.domain.com.p12 -inkey my.domain.com.key -in MY.DOMAIN.COM.crt Error unable to get local issuer certificate getting chain. I concatenated all the intermediate http://www.fourproc.com/2010/06/23/create-a-ssl-keystore-for-a-tomcat-server-using-openssl-.html files in the order they suggest, and according to the process I have documented that has worked the past few years. I also downloaded the pre-built chain file where they already concatenated the needed files together but I get the same error. I also tried the same chain file I used last year -- same results. Googling is not helping http://openssl.6102.n7.nabble.com/issue-with-p12-creation-and-network-solutions-EV-SSL-td28621.html me understand this error. Anyone know what could be going on here with the EV SSL creation for Network Solutions? -- "Beware of all enterprises that require new clothes." -- Henry David Thoreau James Chase-4 Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Re: issue with p12 creation and network solutions EV SSL I have done this multiple years in a row with the exact same process but now I get the following error when I try to create my SSL: openssl pkcs12 -export -chain -CAfile cachain.crt -out my.domain.com.p12 -inkey my.domain.com.key -in MY.DOMAIN.COM.crt Error unable to get local issuer certificate getting chain. I just tried requesting a new certificate with a new CSR and re-downloaded all the files but still have the same results. Can someone offer any advice? I'm at a total loss here. The only way I can get the p12 created is by not including the chain, but then the SSL is worthless -- "Beware of all enterprises that require new clothes." -- Henry Dav
Start here for a quick overview of the site Help Center Detailed answers to http://serverfault.com/questions/671616/apache-ssl-unable-to-get-local-issuer-certificate any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site unable to for system and network administrators. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top apache ssl - unable to get local issuer certificate up vote 5 down vote favorite unable to get 1 Somehow just today suddenly my seafile client throwed this error. I don't believe its a seafile issue, because my openssl throws the exact same error: user@nb-user:~$ echo |openssl s_client -connect seafile.mydomain.ch:443 CONNECTED(00000003) depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 2 Primary Intermediate Server CA verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/description=5RygJ9fx8e2SBLzw/C=CH/ST=Thurgau/L=Frauenfeld/O=mydomain GmbH/CN=*.mydomain.ch/emailAddress=postmaster@mydomain.ch i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIGqzCCBZOgAwIBAgIDAjmGMA0GCSqGSIb3DQEBBQUAMIGMMQswCQYDVQQGEwJJ TDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0 [... some more lines] -----END CERTIFICATE----- subject=/description=5RygJ9fx8e2SBLzw/C=CH/ST=Thurgau/L=Frauenfeld/O=mydomain GmbH/CN=*.mydomain.ch/emailAddress=postmaster@mydomain.ch issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 2 Primary Intermediate Server CA --- No client certificate CA names sent --- SSL handshake has read 3997 bytes and written 431 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public