SSL Error unable to get local issuer certificate

Question

I m having trouble configuring SSL on a Debian 6 0 32bit server  I m relatively new with SSL so please bear with me  I m including as much information as I can  Note  The true domain name has been changed to protect the identity and integrity of the server   Configuration  The server is running using nginx  It is configured as follows   ssl certificate            usr local nginx priv mysite ca chained crt  ssl certificate key        usr local nginx priv mysite ca key  ssl protocols             SSLv3 TLSv1 TLSv1 1 TLSv1 2  ssl ciphers               HIGH  aNULL  MD5  ssl verify depth          2    I chained my certificate using the method described here  cat mysite ca crt bundle crt  gt  mysite ca chained crt   where mysite ca crt is the certificate given to me by the signing authority  and the bundle crt is the CA certificate also sent to me by my signing authority  The problem is that I did not purchase the SSL certificate directly from GlobalSign  but instead through my hosting provider  Singlehop   Testing  The certificate validates properly on Safari and Chrome  but not on Firefox  Initial searching revealed that it may be a problem with the CA    I explored the answer to a similar question  but was unable to find a solution  as I don t really understand what purpose each certificate serves   I used openssl s s client to test the connection  and received output which seems to indicate the same problem as the similar question  The error is as follows   depth 0  OU Domain Control Validated CN   mysite ca verify error num 20 unable to get local issuer certificate verify return 1 depth 0  OU Domain Control Validated CN   mysite ca verify error num 27 certificate not trusted verify return 1   A full detail of openssl s response  with certificates and unnecessary information truncated  can be found here   I also see the warning   No client certificate CA names sent   Is it possible that this is the problem  How can I ensure that nginx sends these CA names   Attempts to Solve the Problem  I attempted to solve the problem by downloading the root CA directly from GlobalSign  but received the same error  I updated the root CA s on my Debian server using the update-ca-certificates command  but nothing changed  This is likely because the CA sent from my provider was correct  so it led to the certificate being chained twice  which doesn t help   0 s  OU Domain Control Validated CN   mysite ca    i  C BE O GlobalSign nv-sa CN AlphaSSL CA - SHA256 - G2 1 s  O AlphaSSL CN AlphaSSL CA - G2    i  C BE O GlobalSign nv-sa OU Root CA CN GlobalSign Root CA 2 s  C BE O GlobalSign nv-sa OU Root CA CN GlobalSign Root CA    i  C BE O GlobalSign nv-sa OU Root CA CN GlobalSign Root CA   Next Steps  Please let me know if there is anything I can try  or if I just have the whole thing configured incorrectly

User · Accepted Answer

jww is right     you re referencing the wrong intermediate certificate   As you have been issued with a SHA256 certificate  you will need the SHA256 intermediate  You can grab it from here  http   secure2 alphassl com cacert gsalphasha2g2r1 crt

User · Answer

If you are a linux user Update node to a later version by running sudo apt update   sudo apt install build-essential checkinstall libssl-dev  curl -o- https   raw githubusercontent com creationix nvm v0 35 1 install sh   bash  nvm --version  nvm ls  nvm ls-remote  nvm install  version number   this should solve your problem

[security] SSL Error: unable to get local issuer certificate

Examples related to security

Examples related to ssl

Examples related to https

Examples related to openssl

Examples related to ssl-certificate