openssl verify fails with "unable to get local issuer certificate"



openssl verify -show_chain -verbose /etc/letsencrypt/live/test.example.com/fullchain.pem
CN = test.example.com
error 20 at 0 depth lookup: unable to get local issuer certificate
error /etc/letsencrypt/live/test.example.com/fullchain.pem: verification failed

This happens because openssl verify does not expect the file it is verifying to contain the intermediate certificate chained after the leaf certificate: only the first certificate in the file is verified, and the bundled intermediate is not used when building the chain.
The fix is to tell it about the intermediate certificate (Let's Encrypt Authority X3) with the -untrusted option.

openssl verify -show_chain -verbose -untrusted /etc/letsencrypt/live/test.example.com/fullchain.pem /etc/letsencrypt/live/test.example.com/fullchain.pem
/etc/letsencrypt/live/test.example.com/fullchain.pem: OK
Chain:
depth=0: CN = test.example.com (untrusted)
depth=1: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 (untrusted)
depth=2: O = Digital Signature Trust Co., CN = DST Root CA X3

The file passed to -untrusted only needs to contain the intermediate certificate, so /etc/letsencrypt/live/test.example.com/chain.pem works just as well.

References