Openssl Pkcs12 Error Unable To Get Issuer Certificate Getting Chain
Contents |
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta openssl unable to get issuer certificate getting chain Discuss the workings and policies of this site About Us Learn more unable to get local issuer certificate openssl about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Stack
Openssl Pkcs12 Chain
Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a community of 6.2 million programmers, just like you, helping
Verify Error:num=20:unable To Get Local Issuer Certificate
each other. Join them; it only takes a minute: Sign up Unable to get local issuer certificate while processing chain up vote 1 down vote favorite I do have private key(my_ca.key) and public key(my_cert.crt) which is signed by DigiCert. Now I want to create RA(Registration Authority) and sign it by my private key . Here is the openssl create keystore way I tried to do that. But when I try to export private and public key as pkcs12 file I have been getting error like this unable to get local issuer certificate getting chain. No idea how to solve this. Here my_cert.crt is extended from DigiCert High Assurance CA-3 and that one extended from DigiCert High Assurance EV Root CA SSL_SUBJ="/C=LK/ST=Colombo/L=Colombo/O=Nope/OU=mobile/CN=My root" openssl genrsa -out ra.key 4096 openssl req -new -key ra.key -out ra.csr -subj "$SSL_SUBJ" openssl x509 -req -days 365 -in ra.csr -CA my_cert.pem -CAkey my_ca.pem - set_serial 76964474 -out ra.crt openssl rsa -in ra.key -text > ra_private.pem openssl x509 -in ra.crt -out ra_cert.pem openssl pkcs12 -export -out ca.p12 -inkey my_ca.pem -in my_cert.pem -name "cacert" -passout pass:password openssl pkcs12 -export -out ra.p12 -inkey ra_private.pem -in ra_cert.pem - chain -CAfile my_cert.pem -name "racert" -passout pass:password ssl openssl x509 pki pkcs#12 share|improve this question edited Mar 5 '15 at 20:50 jww 35.7k21112225 asked Mar 5 '15 at 5:20 GPrathap 1,00311624 add a comment| 1 Answer 1 active oldest votes up vote
Support: http://stackoverflow.com/questions/28870572/unable-to-get-local-issuer-certificate-while-processing-chain Order Processing Email Form Technical Support Email Form Knowledge Center Search Tips Search About Us|Legal|Contact Us|Site Map|FreeSSL Certificates https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&actp=CROSSLINK&id=SO17070 © RapidSSL. RapidSSL is a leading certificate authority, enabling secure socket layer (SSL) encryption trusted by over 99% of browsers and customers worldwide for web site security. We specialize in fast issuance of low cost and free SSL certificates and wildcard SSL certificates. RapidSSL Certificates, RapidSSL Wildcard Certificates and FreeSSL™ Certificates.
♦ Locked 4 messages Meurer, Jerry L. (EHQ) Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Create a p12 file with a Verisign Certificate and http://openssl.6102.n7.nabble.com/Create-a-p12-file-with-a-Verisign-Certificate-and-an-Verisign-Intermediate-Certificate-td15113.html an Verisign Intermediate Certificate Create a p12 file with a Verisign Certificate and an Verisign Intermediate Certificate I'm getting an error attempting to create a p12 file using OpenSSL. I can't seem to find anything that will lead me to a resolution. The error I'm getting is: "unable to get local issuer certificate getting chain" My setup is on a Windows server using Tomcat, with Apache. Apache listening on 80, and redirects unable to to 8080 where the application lives. What I did [hope this is not too detailed]: - 2 years ago we purchased and downloaded an SSL cert from Verisign and named it server.crt, - Downloaded the Intermediate cert (chain). - Created an additional single file with the Intermediate cert, then the SSL cert below that text (concatenated the files with the intermediate on top), saved it as separate file called cachain.crt. - Ran unable to get the command: openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name tomcat -Cafile cachain.crt -caname root -chain - This gave me the server.p12 file that is being used right now. This expires in 12 days :( Now: - I gave our midrange team (who have the account with Verisign) a copy of the server.key file from my web server (from last year), they created a cert.csr file, sent it to Verisign - Sent me back a zip file that contained a cert.arm file (not familiar with an ARM file, but the text within is the certificate) cert.csr, and the server.key file - I downloaded a new Intermediate CA (Managed PKI Standard SSL Intermediate CA.txt) and created a file called cachain.crt (concatenated the files with the intermediate on top and the certificate below). Issue: - I've been attempting to create a server.p12 file using my notes from last year. Installed OpenSSL under c:\openssl -Copied all of the files to c:\openssl\bin Issue the command: C:\OpenSSL\bin>openssl pkcs12 -export -in cert.crt -inkey server.key -o ut server.p12 -name tomcat -CAfile cachain2.crt -caname root -chain Loading 'screen' into random state - done Error unable to get local issuer certificate getting chain. Viewed all of the files using Textpad to ensure Notepad didn't add any funky characters, and also reprod