unable to get local issuer certificate


bencdll

When I go to a particular website in any browser on any computer I try, the certificate shows as valid. When I access the same site on Unraid (v6.6.6, via wget, etc.) I have to force it to ignore certificate errors. I ran this command to check the certs and got the following results (redacted):

# openssl s_client -showcerts -connect website:443

CONNECTED(00000003)
depth=0 OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website
   i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----
---
Server certificate
subject=OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website

issuer=C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2476 bytes and written 454 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated

SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: B699B03B3CC9FB649AF35520ACAF4A5746BF1684B0677CB81A4AB3229384B9E0
    Session-ID-ctx: 
    Master-Key: D48D30ED8D6CB54D8738E1E5008123F0F9B029D35D6C1D850EFF1D093B93DE00D7DAF154C1CB2F8FA1D00BE3FC8290AF
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:


    Start Time: 1547645618
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
---
read:errno=0

Am I missing a root CA, or something else?
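
A check for the output pasted above, as an added example that is not part of the original post: it reads the "Certificate chain" section of `openssl s_client -showcerts` output and reports how many certificates the server sent and which issuer the client still has to find in its local CA store. The names `chain_status` and `sample_output` are hypothetical, and the sample input is constructed from the redacted output in the post.

```shell
#!/bin/sh
# Added example; chain_status and sample_output are hypothetical helper names.
# Reads `openssl s_client -showcerts` output on stdin and prints
#   status|certificates sent|issuer the verifier must find locally
chain_status() {
  awk '
    /^Certificate chain/       { in_chain = 1; next }
    in_chain && /^---$/        { in_chain = 0 }   # section ends at a bare ---
    in_chain && /^ *[0-9]+ s:/ { n++; sub(/^ *[0-9]+ s:/, ""); subj[n] = $0; next }
    in_chain && /^ *i:/        { sub(/^ *i:/, ""); iss[n] = $0; next }
    END {
      if (n == 0) { print "no-chain|0|"; exit }
      cur = 1                                     # start at the leaf (entry 0)
      for (step = 1; step <= n; step++) {
        if (iss[cur] == subj[cur]) { print "self-signed-top|" n "|" subj[cur]; exit }
        nxt = 0                                   # look for the issuer among sent certs
        for (j = 1; j <= n; j++) if (j != cur && subj[j] == iss[cur]) nxt = j
        if (!nxt) break                           # issuer was not sent by the server
        cur = nxt
      }
      st = (n == 1) ? "leaf-only" : "issuer-not-sent"
      print st "|" n "|" iss[cur]
    }'
}

# Constructed sample: the chain section of the redacted output in the post.
sample_output() {
  cat <<'EOF'
---
Certificate chain
 0 s:OU = Domain Control Validated, OU = GGSSL Wildcard SSL, CN = *.website
   i:C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
Server certificate
EOF
}

sample_output | chain_status
```

A `leaf-only` result means the server sent only its own certificate, so verification succeeds only if the named issuer is present in the client's local CA store. Browsers can often still build the chain from cached or fetched intermediates, which wget and `openssl s_client` do not do.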
