The first error message is telling you more about the problem: verify error:num=20:unable to get local issuer certificate The issuing certificate authority of the end entity server certificate is VeriSign Class 3 Secure Server CA – G3 Look closely in your CA file – you will not find this certificate since it is an intermediary CA – … Read more
This was totally my bad. I was using standard node http.request on a part of the code which should be sending requests to only http adresses. Seems like the db had a single https address which was queried with a random interval. Simply, I was trying to send a http request to https.
This was totally my bad. I was using standard node http.request on a part of the code which should be sending requests to only http adresses. Seems like the db had a single https address which was queried with a random interval. Simply, I was trying to send a http request to https.
cacert.pem is a bundle of CA certificates that you use to verify that the server is really the correct site you’re talking to (when it presents its certificate in the SSL handshake). The bundle can be used by tools like curl or wget, as well as other TLS/SSL speaking software. The bundle should contain the … Read more
The server certificate is invalid, either because it is signed by an invalid CA (internal CA, self signed,…), doesn’t match the server’s name or because it is expired. Either way, you need to find how to tell to the Python library that you are using that it must not stop at an invalid certificate if … Read more
How to solve this problem: download and extract cacert.pem following the instructions at https://curl.se/docs/caextract.html save it on your filesystem somewhere (for example, XAMPP users might use C:\xampp\php\extras\ssl\cacert.pem) in your php.ini, put this file location in the [curl] section (putting it in the [openss] section is also a good idea): openssl.cafile = “C:\xampp\php\extras\ssl\cacert.pem” restart your webserver (e.g. Apache) and PHP FPM server if applicable … Read more
curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2 You are using a very old version of curl. My guess is that you run into the bug described 6 years ago. Fix is to update your curl.
Does your cacerts.pem file hold a single certificate? Since it is a PEM, have a look at it (with a text editor), it should start with —–BEGIN CERTIFICATE—– and end with —–END CERTIFICATE—– Finally, to check it is not corrupted, get hold of openssl and print its details using openssl x509 -in cacerts.pem -text
Thoughts (based on pain in the past): do you have DNS and line-of-sight to the server? are you using the correct name from the certificate? is the certificate still valid? is a badly configured load balancer messing things up? does the new server machine have the clock set correctly (i.e. so that the UTC time is correct … Read more
iOS 9 and OSX 10.11 require TLSv1.2 SSL for all hosts you plan to request data from unless you specify exception domains in your app’s Info.plist file. The syntax for the Info.plist configuration looks like this: If your application (a third-party web browser, for instance) needs to connect to arbitrary hosts, you can configure it … Read more