ssl - unable to get local issuer certificate issue

This typically means openssl is unable to verify the certificate authenticity in the certificate store. Some openssl version unable to validate against the installed certificates that normally stored in /etc/ssl/certs.

To verify the certificate using a bundle file  

openssl s_client -connect example.com:443 -CAfile bundle.crt


To verify the certificate by providing a truststore

openssl s_client -connect example.com:443 -CApath /path/to/truststore


Other command that might be of use

You can check the fingerprint using 

openssl x509 -in stca.crt -sha256 -fingerprint -noout



Comments

Post a Comment

Popular posts from this blog

The specified initialization vector (IV) does not match the block size for this algorithm

Image
If you're getting  exception when trying to assigned key to a symmetric key and getting error message below :- The specified initialization vector (IV) does not match the block size for this algorithm And your code probably look like something below :- Then you need to go into debug mode and start looking into the supported size for IV as shown in diagram below :- As you can see, IV is 16 bytes, so you need to provide 16 bytes. The same goes for Key field too, if you're adding anything to it. As long as you provide a valid key size, then we're good and you're code will be ready.
Read more