1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

SSL Configuration Error

Discussion in 'Plesk for Linux - 8.x and Older' started by Salvia, Nov 3, 2005.

  1. Salvia

    Salvia Guest

    0
     
    ERROR: Certificate verification error for ***********: unable to get local issuer certificate
    To connect to *********** insecurely, use `--no-check-certificate'.
    Unable to establish SSL connection.


    I get that when running: wget --spider https://************

    This has been driving me nutz. The certificate is a Equifax Global E-Business from Geotrust

    I updated /usr/share/ssl/cacert.pem

    with the latest extraction from mozilla

    I updated openssl.cnf with:
    [ CA_default ]

    dir = /usr/share/ssl # Where everything is kept

    and rebooted the server


    what am I doing wrong???
     
  2. ShadowMan@

    ShadowMan@ Guest

    0
     
    Is your cert a wildcard type cert?

    In any case, have you tried it using the wget option '--no-check-certificate' as the error message states to try??
     
  3. Salvia

    Salvia Guest

    0
     
    Umm that prevents cert checking

    There is no reason this cert should fail, it is saying it cannot find the local issuer certificate

    but as you can see I installed it, it is 100% good cert.


    I am trying to make sure openssl is installed correctly with the CA file.
     
  4. ShadowMan@

    ShadowMan@ Guest

    0
     
    Yes it prevents cert checking, but from your post, all you are doing is checking for existence of the files (--spider), so does it really matter if the cert is valid just to do that??
     
  5. Salvia

    Salvia Guest

    0
     
    It actually is executing a script. setup as a crontab, yes I could use the workaround or I could figure out what the problem is and fix it.


    This is not just the case on this site, it has this problem no matter what site it tries to connect too.


    Why should I leave a problem for clients to ***** about?



    If anyone knows why the CA cert file is not working correctly or maybe I am just configuring it incorrectly please let me know.
     
  6. jaredfine

    jaredfine Guest

    0
     
    I'm experiencing the same exact problem. If anyone has a suggestion I'm all ears.

    Simply put I've setup a SSL cert from GeoTrust using the cert management tool within Plesk. The cert works fine for web browsers yet not for wget and associated apps.

    I'm curious if wget doesn't like the certificate issuing company or if there is somthing else going wrong.

    One thing that is odd is when I view the certs info in a browser, it tells me its a 256bit AES cert, yet I selected 1042 (128bit) in Plesk and 128bit from GeoTrust.
     
  7. Salvia

    Salvia Guest

    0
     
    I never found a solution for this.

    But as far as your 256bit thing goes... 128bit certificates is standard but later browsers are capable of auto negotiating higher encryption with the cert. as far as I know they only guarantee the cert to 128
     
  8. jaredfine

    jaredfine Guest

    0
     
    Thanks for the info Salvia. Its good to know.

    If I do manage to figure out whats going on I'll make sure to post back here.
     
Loading...