You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Joost de Heer <sa...@xs4all.nl> on 2006/01/11 12:02:30 UTC

[users@httpd] Re: verify error:num=20:unable to get local issuer certificate

Arun G Nair wrote:
> Hi all,
>     I get this error when trying to connect to my SSL enabled site with
> openssl's s_client.
>
> "verify error:num=20:unable to get local issuer certificate"
>
> I have purchased a CRT signed by AddTrust External Root CA through Comodo.
> ------------------------------------------------------------------------------------------------------------------
>
> debian:/etc/apache# /usr/bin/openssl s_client -connect localhost:443 -cert
> ./ssl.crt/server.crt -key ./ssl.key/server.pem

You miss the -CAfile parameter, which points to a file with the public
keys of the CA's you want to trust.

Joost



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org