Error Unable To Get Local Issuer
Contents |
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow error unable to get local issuer certificate getting chain openssl the company Business Learn more about hiring developers or posting ads with us Stack Overflow
Error Unable To Get Local Issuer Certificate Getting Chain. Pkcs12
Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of verify error:num=20:unable to get local issuer certificate 4.7 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up SSL Error: unable to get local issuer certificate up vote 29 down vote favorite 8 I'm having trouble
Error 20 At 0 Depth Lookup:unable To Get Local Issuer Certificate
configuring SSL on a Debian 6.0 32bit server. I'm relatively new with SSL so please bear with me. I'm including as much information as I can. Note: The true domain name has been changed to protect the identity and integrity of the server. Configuration The server is running using nginx. It is configured as follows: ssl_certificate /usr/local/nginx/priv/mysite.ca.chained.crt; ssl_certificate_key /usr/local/nginx/priv/mysite.ca.key; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; ssl_verify_depth 2; I chained my certificate using unable to get local issuer certificate php the method described here cat mysite.ca.crt bundle.crt > mysite.ca.chained.crt where mysite.ca.crt is the certificate given to me by the signing authority, and the bundle.crt is the CA certificate also sent to me by my signing authority. The problem is that I did not purchase the SSL certificate directly from GlobalSign, but instead through my hosting provider, Singlehop. Testing The certificate validates properly on Safari and Chrome, but not on Firefox. Initial searching revealed that it may be a problem with the CA. I explored the answer to a similar question, but was unable to find a solution, as I don't really understand what purpose each certificate serves. I used openssl's s_client to test the connection, and received output which seems to indicate the same problem as the similar question. The error is as follows: depth=0 /OU=Domain Control Validated/CN=*.mysite.ca verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /OU=Domain Control Validated/CN=*.mysite.ca verify error:num=27:certificate not trusted verify return:1 A full detail of openssl's response (with certificates and unnecessary information truncated) can be found here. I also see the warning: No client certificate CA names sent Is it possible that this is the problem? How can I ensure that nginx sends these CA names? Attempts to Solve the Problem I attempted to solve the problem by do
views 1 My Problem On a Linux host, attempting to set up syslog-ng shipping
Unable To Get Local Issuer Certificate Windows
to an offsite collector over TLS results in errors such as: Feb
Unable To Get Local Issuer Certificate Puppet
18 16:42:33 my.amazingserver.tld syslog-ng[987]: SSL error while writing stream; tls_error='SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' Feb 18 unable to get local issuer certificate git 16:42:33 my.amazingserver.tld syslog-ng[987]: I/O error occurred while writing; fd='21', error='Broken pipe (32)' Feb 18 16:42:33 my.amazingserver.tld syslog-ng[987]: I/O error occurred while writing; fd='21', error='Broken pipe (32)' http://stackoverflow.com/questions/24372942/ssl-error-unable-to-get-local-issuer-certificate Feb 18 16:42:33 my.amazingserver.tld syslog-ng[987]: Syslog connection broken; fd='21', server='AF_INET(1.1.1.1:443)', time_reopen='60' Feb 18 16:43:33 my.amazingserver.tld syslog-ng[987]: Syslog connection established; fd='21', server='AF_INET(1.1.1.1:443)', local='AF_INET(0.0.0.0:0)' Feb 18 16:43:33 my.amazingserver.tld syslog-ng[987]: Certificate validation failed; subject='CN=GeoTrust DV SSL CA - G4, OU=Domain Validated SSL, O=GeoTrust Inc., C=US', issuer='CN=GeoTrust Global CA, O=GeoTrust Inc., C=US', error='unable to get local issuer http://thenubbyadmin.com/2015/02/19/fixing-unable-to-get-local-issuer-certificate-and-certificate-verify-failed-in-syslog-ng/ certificate', depth='1' Feb 18 16:34:31 my.amazinghost.com syslog-ng[987]: Certificate validation failed; subject='CN=GeoTrust DV SSL CA - G4, OU=Domain Validated SSL, O=GeoTrust Inc., C=US', issuer='CN=GeoTrust Global CA, O=GeoTrust Inc., C=US', error='unable to get local issuer certificate', depth='1' As well as SSL error while writing stream; tls_error='SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' Running openssl s_client -connect my.syslog.endpoint.tld:443 gets, after the certificate chain, the following error: Verify return code: 20 (unable to get local issuer certificate) My Solution Find the CA certificate that is missing as indicated by the error message in the logs (in my case it was the GeoTrust Global CA certificate). Then follow the procedure for configuring the syslog-ng client for TLS. The Long Story The first clue to the problem is in the error message: Feb 18 16:34:31 my.amazinghost.com syslog-ng[987]: Certificate validation failed; subject='CN=GeoTrust DV SSL CA - G4, OU=Domain Validated SSL, O=GeoTrust Inc., C=US', issuer='CN=GeoTrust Global CA, O=GeoTrust Inc., C=US', error='unable to get local issuer certificate', depth='1' The connect
Sign in Pricing Blog Support Search GitHub This repository Watch 610 Star 10,647 Fork 2,176 npm/npm Code Issues 2,366 Pull requests 70 Projects 0 Wiki Pulse https://github.com/npm/npm/issues/9580 Graphs New issue UNABLE_TO_GET_ISSUER_CERT_LOCALLY #9580 Open dogukandemir opened this Issue Sep 14, 2015 · 17 comments Projects None yet Labels node-bug support Milestone No milestone Assignees No one assigned 10 participants dogukandemir commented Sep 14, 2015 I'm trying to install ionic behind firewall but I've got this error. .npmrc file: registry=https://registry.npmjs.org/ proxy=http://{domain}%5C{username}:{mypassword}@{proxyip}:{port}/ https-proxy=http://{domain}%5C{username}:{mypassword}@{proxyip}:{port}/ npm-debug.log file: 0 info it worked unable to if it ends with ok 1 verbose cli [ 'C:\\Program Files\\nodejs\\node.exe', 1 verbose cli 'C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js', 1 verbose cli 'install', 1 verbose cli '-g', 1 verbose cli 'ionic' ] 2 info using npm@2.14.2 3 info using node@v4.0.0 4 verbose install initial load of C:\Users\\{username}\AppData\Roaming\npm\package.json 5 verbose readDependencies loading dependencies from C:\Users\\{username}\AppData\Roaming\npm\package.json 6 silly cache add args [ 'ionic', null ] 7 verbose unable to get cache add spec ionic 8 silly cache add parsed spec Result { 8 silly cache add raw: 'ionic', 8 silly cache add scope: null, 8 silly cache add name: 'ionic', 8 silly cache add rawSpec: '', 8 silly cache add spec: '*', 8 silly cache add type: 'range' } 9 silly addNamed ionic@* 10 verbose addNamed "*" is a valid semver range for ionic 11 silly addNameRange { name: 'ionic', range: '*', hasData: false } 12 silly mapToRegistry name ionic 13 silly mapToRegistry using default registry 14 silly mapToRegistry registry https://registry.npmjs.org/ 15 silly mapToRegistry uri https://registry.npmjs.org/ionic 16 verbose addNameRange registry:https://registry.npmjs.org/ionic not in flight; fetching 17 verbose request uri https://registry.npmjs.org/ionic 18 verbose request no auth needed 19 info attempt registry request try #1 at 15:00:47 20 verbose request id c660984a1ef9cecb 21 http request GET https://registry.npmjs.org/ionic 22 info retry will retry, error on last attempt: Error: unable to get local issuer certificate 23 info attempt registry request try #2 at 15:00:57 24 http request GET https://registry.npmjs.org/ionic 25 info retry will retry, error on last attempt: Error: unable to get local issuer certificate 26 info attempt reg