Menu
I am trying to add SSL certificate on Heroku using windows 8. I am referring Heroku's ssl-endpoint article to add it. Everything is working fine till last step, but when I enter
curl -kvI https://www.example.com
It says
SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
Here is the complete output:
* Adding handle: conn: 0x606458
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x606458) send_pipe: 1, recv_pipe: 0
* About to connect() to www.example.com port 443 (#0)
* Trying 107.21.111.209...
* Connected to www.example.com (107.21.111.209) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES128-SHA
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Heroku, Inc.; CN=*.her
okuapp.com
* start date: 2014-01-21 00:00:00 GMT
* expire date: 2017-05-19 12:00:00 GMT
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Hig
h Assurance Server CA
* SSL certificate verify result: unable to get local issuer certificate (
20), continuing anyway.
> HEAD / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: www.example.com
> Accept: */*
>
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
* Server Cowboy is not blacklisted
< Server: Cowboy
Server: Cowboy
< Connection: keep-alive
Connection: keep-alive
< X-Powered-By: Express
X-Powered-By: Express
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Date: Thu, 02 Apr 2015 05:14:25 GMT
Date: Thu, 02 Apr 2015 05:14:25 GMT
< Cache-Control: public, max-age=0
Cache-Control: public, max-age=0
< Last-Modified: Tue, 31 Mar 2015 14:21:19 GMT
Last-Modified: Tue, 31 Mar 2015 14:21:19 GMT
< Etag: W/"9e3-2781781373"
Etag: W/"9e3-2781781373"
< Content-Type: text/html; charset=UTF-8
Content-Type: text/html; charset=UTF-8
< Content-Length: 2531
Content-Length: 2531
< Set-Cookie: connect.sid=s%3AiRH8B-WEim3II5fgpXfF1otZXeqvmdMi.ibAcnpY2ATqERWyMJ
3c%2BptFMqgQLwrFQvAoOW6zh9HM; Path=/; HttpOnly
Set-Cookie: connect.sid=s%3AiRH8B-WEim3II5fgpXfF1otZXeqvmdMi.ibAcnpY2ATqERWyMJ3c
%2BptFMqgQLwrFQvAoOW6zh9HM; Path=/; HttpOnly
< Via: 1.1 vegur
Via: 1.1 vegur
<
* Connection #0 to host www.example.com left intact
What's wrong here? Thank you in advance.
548
When ssl certificate problem unable to get local issuer certificate error is caused by a self-signed certificate, the fix is to add the certificate to the trusted certificate store. Open the file ca-bundle. crt located in the directory above, then copy and paste the Git SSL certificate to the end of the file.
I combined both SSL certificates and then uploaded that on heroku. Command to combine both SSL certificate is:
cat certificate.crt gd_bundle.crt > combine.crt
It will combine certificate.crt and gd_bundle.crt to create combine.crt
130
You need to tell curl the location of your trusted root certificate store. Try:
curl -vI --cacert /etc/ssl/cert.pem
or
curl -vI --capath /etc/ssl/certs/
(The exact path to your system trusted root store varies by OS/distro, so it may not be exactly one of the above.)
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
