• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

SSL Configuration Error

S

Salvia

Guest
ERROR: Certificate verification error for ***********: unable to get local issuer certificate
To connect to *********** insecurely, use `--no-check-certificate'.
Unable to establish SSL connection.


I get that when running: wget --spider https://************

This has been driving me nutz. The certificate is a Equifax Global E-Business from Geotrust

I updated /usr/share/ssl/cacert.pem

with the latest extraction from mozilla

I updated openssl.cnf with:
[ CA_default ]

dir = /usr/share/ssl # Where everything is kept

and rebooted the server


what am I doing wrong???
 
Is your cert a wildcard type cert?

In any case, have you tried it using the wget option '--no-check-certificate' as the error message states to try??
 
Umm that prevents cert checking

There is no reason this cert should fail, it is saying it cannot find the local issuer certificate

but as you can see I installed it, it is 100% good cert.


I am trying to make sure openssl is installed correctly with the CA file.
 
Yes it prevents cert checking, but from your post, all you are doing is checking for existence of the files (--spider), so does it really matter if the cert is valid just to do that??
 
It actually is executing a script. setup as a crontab, yes I could use the workaround or I could figure out what the problem is and fix it.


This is not just the case on this site, it has this problem no matter what site it tries to connect too.


Why should I leave a problem for clients to ***** about?



If anyone knows why the CA cert file is not working correctly or maybe I am just configuring it incorrectly please let me know.
 
I'm experiencing the same exact problem. If anyone has a suggestion I'm all ears.

Simply put I've setup a SSL cert from GeoTrust using the cert management tool within Plesk. The cert works fine for web browsers yet not for wget and associated apps.

I'm curious if wget doesn't like the certificate issuing company or if there is somthing else going wrong.

One thing that is odd is when I view the certs info in a browser, it tells me its a 256bit AES cert, yet I selected 1042 (128bit) in Plesk and 128bit from GeoTrust.
 
I never found a solution for this.

But as far as your 256bit thing goes... 128bit certificates is standard but later browsers are capable of auto negotiating higher encryption with the cert. as far as I know they only guarantee the cert to 128
 
Thanks for the info Salvia. Its good to know.

If I do manage to figure out whats going on I'll make sure to post back here.
 
You must log in or register to reply here.

Similar threads

Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
665
Lenny
Lenny
hostingprimus
Issue ERROR: Zend_Http_Client_Adapter_Exception: Unable to Connect to ssl://hub.docker.com:443. Error #110: Connection timed out (Socket.php:235)
Replies
10
Views
2K
Anthony
Anthony
P
Issue /usr/local/psa/admin/bin/php: error while loading shared libraries: libcrypto.so.1.0.0: cannot open shared object file: No such file or directory
Replies
0
Views
1K
pablofrp
P
T
Issue Explicit FTP over TLS: Initializing TLS... TLS/TLS-C negotiation failed on control channel
Replies
3
Views
3K
mow
M
F
Resolved Dovecot - unable to connect to ssl://localhost:993 - With fresh updates?
Replies
15
Views
8K
robertne
R
Back
Top