You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Arun G Nair <ar...@gmail.com> on 2006/01/10 14:20:48 UTC
[users@httpd] verify error:num=20:unable to get local issuer certificate
Hi all,
I get this error when trying to connect to my SSL enabled site with
openssl's s_client.
"verify error:num=20:unable to get local issuer certificate"
I have purchased a CRT signed by AddTrust External Root CA through Comodo.
------------------------------------------------------------------------------------------------------------------
debian:/etc/apache# /usr/bin/openssl s_client -connect localhost:443 -cert
./ssl.crt/server.crt -key
./ssl.key/server.pem
CONNECTED(00000003)
depth=1 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
External CA Root
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/2.5.4.17=22655/ST=Virginia/L=Stephens City/2.5.4.9=Stephens
City/2.5.4.9=5395 Main Street/O=My Company Inc/OU=Sales/OU=InstantSSL/CN=
www.myco.com
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
External CA Root
1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
External CA Root
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=
http://www.usertrust.com/CN=UTN
...[snip]...
--------------------------------------------------------------------------------------------------------------------
Waiting for your replies..
Regards,
Arun
[users@httpd] Re: verify error:num=20:unable to get local issuer certificate
Posted by Joost de Heer <sa...@xs4all.nl>.
Arun G Nair wrote:
> Hi all,
> I get this error when trying to connect to my SSL enabled site with
> openssl's s_client.
>
> "verify error:num=20:unable to get local issuer certificate"
>
> I have purchased a CRT signed by AddTrust External Root CA through Comodo.
> ------------------------------------------------------------------------------------------------------------------
>
> debian:/etc/apache# /usr/bin/openssl s_client -connect localhost:443 -cert
> ./ssl.crt/server.crt -key ./ssl.key/server.pem
You miss the -CAfile parameter, which points to a file with the public
keys of the CA's you want to trust.
Joost
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org