Rapidssl Error Unable To Get Issuer Certificate Getting Chain
Contents |
Support:
Comodo Root Certificate
Order Processing Email Form Technical Support Email Form Knowledge Center Search Tips Search About Us|Legal|Contact Us|Site Map|FreeSSL Certificates rapidssl intermediate certificate © RapidSSL. RapidSSL is a leading certificate authority, enabling secure socket layer (SSL) encryption trusted by over 99% of browsers and customers worldwide for web site security. We specialize in fast issuance of low cost and free SSL certificates and wildcard SSL certificates. RapidSSL Certificates, RapidSSL Wildcard Certificates and FreeSSL™ Certificates.
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more
Geotrust Root Certificate
about hiring developers or posting ads with us Server Fault Questions Tags Users Badges Unanswered
Tomcat Ssl
Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only takes a minute: Sign ssl checker up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top Why is my RapidSSL Certificate chain is not trusted on ubuntu? up vote 3 down https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=INFO1548 vote favorite 3 I have a website that works perfectly with Chrome & other browser but i get some errors with PHP in CLI mode so i'm investigating it, running this: openssl s_client -showcerts -verify 32 -connect dev.carlipa-online.com:443 Quite suprisingly my HTTPS appears untrusted with a Verify return code: 27 (certificate not trusted) Here is the raw output : verify depth is 32 CONNECTED(00000003) depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify http://serverfault.com/questions/391487/why-is-my-rapidssl-certificate-chain-is-not-trusted-on-ubuntu error:num=20:unable to get local issuer certificate verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify error:num=27:certificate not trusted verify return:1 depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA verify return:1 depth=0 serialNumber = khKDXfnS0WtB8DgV0CAdsmWrXl-Ia9wZ, C = FR, O = *.carlipa-online.com, OU = GT44535187, OU = See www.rapidssl.com/resources/cps (c)12, OU = Domain Control Validated - RapidSSL(R), CN = *.carlipa-online.com verify return:1 So GeoTrust Global CA appears to be not trusted on the system (Ubuntu 11.10). Added Equifax_Secure_CA to try to solve this... But i get in this case Verify return code: 19 (self signed certificate in certificate chain) ! Raw output : verify depth is 32 CONNECTED(00000003) depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify error:num=19:self signed certificate in certificate chain verify return:1 depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1 depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA verify return:1 depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA verify return:1 depth=0 serialNumber = khKDXfnS0WtB8DgV0CAdsmWrXl-Ia9wZ, C = FR, O = *.carlipa-online.com, OU = GT44535187, OU = See www.rapidssl.com/resources/cps (c)12, OU = Domain Control Validated - RapidSSL(R), CN = *.carlipa-online.com verify return:1 Edit Looks like my server does not trust/provide the Equifax Root CA, however i do correctly have the
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about http://stackoverflow.com/questions/22390465/cant-create-keystore-for-tomcat-with-key-cert-and-cas-certificate-chain-length Stack Overflow the company Business Learn more about hiring developers or posting ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack Overflow is a https://wiki.zimbra.com/wiki/Fix_depth_lookup:unable_to_get_issuer_certificate community of 6.2 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up Can't create keystore for Tomcat with key, cert and CAs Certificate chain length: 1 up unable to vote 0 down vote favorite I can't get my certificate bought from RapidSSL working on Tomcat but on Apache. RapidSSL requires that you install 2 intermediate ca files. When I create a keystore from the private key, certificate and the intermediary CA:s I can see Entry type: PrivateKeyEntry Certificate chain length: 1 The two intermediate certificates does not seem to be picked up or something like that. I have private unable to get key the certificate the primary and secondary CA:s from RapidSSL (as pem, pkcs7 and separate .crt) https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548 I can get it working on an apache server with the following settings: SSLCertificateFile /root/ssl_certs/rapidssl.crt SSLCertificateKeyFile /root/ssl_certs/privatekey.key SSLCACertificateFile /root/ssl_certs/intermediate.crt I have heard of something called a root certificate, and I don't know what that is. Is that something that I need? I have heard that Tomcat should e able to use PKCS12 so I did this to try to create a pkcs12 file: openssl pkcs12 -export -in rapidssl.crt -inkey privatekey.key -out mycert.p12 -name tomcat -CAfile intermediate.crt -caname root -chain But I get the error Error unable to get local issuer certificate getting chain. The intermediate.crt has the primary and secondary CA:s in it. tomcat ssl openssl ssl-certificate keystore share|improve this question asked Mar 13 '14 at 20:43 taz0k 134114 What does this have to do with OpenSSL? –jww Mar 13 '14 at 21:58 possible duplicate of create keystore for tomcat using .key ,.ca and .cert file –jww Mar 13 '14 at 22:18 In my defense I had to install and use openssl to make it working. –taz0k Mar 14 '14 at 12:34 add a comment| 2 Answers 2 active oldest votes up vote 2 down vote acce
Fix depth lookup:unable to get issuer certificate Zimbra Tech Center Certified Fix depth lookup:unable to get issuer certificate Contents 1 Fix depth lookup:unable to get issuer certificate 1.1 Purpose 1.2 Resolution 1.3 Additional Content Fix depth lookup:unable to get issuer certificate KB 21724 Last updated on 07/11/2015 Last updated by Jorge de la Cruz Mingo 0.00 (0 votes) Verified in: ZCS 8.6 ZCS 8.5 ZCS 8.0 - This is certified documentation and is protected for editing by Zimbra Employees & Moderators only. KB 21724 Last updated on 07/11/2015 0.00 (0 votes) - This is certified documentation and is protected for editing by Zimbra Employees & Moderators only. - This article is a Work in Progress, and may be unfinished or missing sections. Purpose Solve a common problem, depth lookup:unable to get issuer certificate, with SSL certificates when trying to: Install a new SSL certificate. Install a wildcard SSL certificate from another server. Install an SSL certificate from another server: moved or restored from a backup. Renew an SSL certificate, when the intermediate CA was changed from the SSL provider. Resolution This error means the certificate path or chain is broken and you are missing certificate files. In most cases, the intermediate cert or root CA is affected. Right now, almost every SSL vendor has 2 or more CA Intermediates - sha1 and sha2 (256). The best solution is to ask for the most updated root CA and intermediate certificates from the SSL provider. Then place all of them in a file, in order, and try again. Mix the root CA and the Intermediate (Comodo example): cat ComodoRSAca_ROOT.crt ComodoRSAca_inter1.crt ComodoRSAOrgValidationca_inter2.crt > ca_bundle.crt Copy the CA Bundle to the proper path: sudo cp ca_bundle.crt /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt Verify the SSL certificate against the private key: sudo /opt/zimbra/bin/zmcertmgr verifycrt comm commercial.key commercial.crt Deploy the SSL certificate> sudo /opt/zimbra/bin/zmcertmgr deploycrt comm star.domain.com.crt ca_bundle.crt Check the deployed SSL certificate> sudo /opt/zimbra/bin/zmcertmgr viewdeployedcrt Additional Content No additional content Verified