Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

OpenSSL Verify return code: 20 (unable to get local issuer certificate)

Tags:

openssl

I am running Windows Vista and am attempting to connect via https to upload a file in a multi part form but I am having some trouble with the local issuer certificate. I am just trying to figure out why this isnt working now, and go back to my cURL code later after this is worked out. Im running the command:

openssl s_client -connect connect_to_site.com:443 

It gives me an digital certificate from VeriSign, Inc., but also shoots out an error:

Verify return code: 20 (unable to get local issuer certificate) 

What is the local issuer certificate? Is that a certificate from my own computer? Is there a way around this? I have tried using -CAfile mozilla.pem file but still gives me same error.

like image 387
bryan sammon Avatar asked Jul 18 '12 18:07

bryan sammon


People also ask

How do I Fix Unable to get local Issuer certificate?

When ssl certificate problem unable to get local issuer certificate error is caused by a self-signed certificate, the fix is to add the certificate to the trusted certificate store. Open the file ca-bundle. crt located in the directory above, then copy and paste the Git SSL certificate to the end of the file.

Where is git SSL certificate?

For instance, the trusted certificate store directory for Git Bash is C:\Program Files\Git\mingw64\ssl\certs.


2 Answers

I had the same problem and solved it by passing path to a directory where CA keys are stored. On Ubuntu it was:

openssl s_client -CApath /etc/ssl/certs/ -connect address.com:443 
like image 102
Jan Wrobel Avatar answered Sep 18 '22 00:09

Jan Wrobel


This error also happens if you're using a self-signed certificate with a keyUsage missing the value keyCertSign.

like image 28
Conrado Avatar answered Sep 22 '22 00:09

Conrado