That file is available as the security/ca-roots port, however.orr:/root# setenv PACKAGESITE ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/orr:/root# pkg_add -vr ca-rootslooking up ftp2.freebsd.orgconnecting to ftp2.freebsd.org:21setting passive modeopening data connectioninitiating transferFetching ftp://ftp2.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/ ca-roots.tbz...x +CONTENTSx +COMMENTx +DESCx +MTREE_DIRSx share/certs/ca-root.crttar Another solution would be to update openssl to 1.0.2 on Jessie but I doubt that this is easier than re-adding the certificate. On Stretch this is not a problem because openssl is on 1.0.2 there. Can you connect UWP apps peer-to-peer? have a peek here
Message #104 received at [email protected] (full text, mbox, reply): From: Andreas Sewe
Help please?! If thats ok then it may be you need to specify CAPATH on the openssl command to the appropriate directory. Suspiciously, that problematic 10.1 machine was validating that exact cert path fine before the upgrade from 10.0.
You can nevertheless proceed and submit your changes if you wish so. Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: not available URL:
Yep, sorry for the regression, but I appreciate the extra info - it helps solve some of my own troubleshooting. -- Kind regards, Michael Severity set to 'important' from 'normal' Request Error 2 At 1 Depth Lookup:unable To Get Issuer Certificate Why wouldn't the part of the Earth facing the Sun a half year before be facing away from it now at noon? Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson. Copy sent to Michael Shuler
Removed blocking bug(s) of 812708: 774882 Request was from [email protected] (Kurt Roeckx) to [email protected] (Fri, 06 May 2016 13:09:08 GMT) Full text and rfc822 format available. Unable To Get Local Issuer Certificate Openssl I have run the following command on both (the IP address is google.com): openssl s_client -showcerts -connect 18.104.22.168:443 -verify 9 The outputs on the different machines are listed below. I'm guessing that that particular Thawte root CA, _i.e. [email protected]:/tmp# wget -O /dev/null --ca-certificate=./no-ip.pem https://no-ip.com --2013-08-26 10:17:17-- https://no-ip.com/ Resolving no-ip.com... 22.214.171.124 Connecting to no-ip.com|126.96.36.199|:443...
Thanks, Rich On 05/02/16 15:40, Michael Shuler wrote: > On 02/05/2016 05:49 AM, Rich wrote: >> subject says it all. > > Please provide a specific URL to test. Thanks. -nandhp $ openssl s_client -connect apis.live.net:443 CONNECTED(00000003) depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root verify error:num=20:unable to get local issuer certificate verify Zimbra Error 20 At 0 Depth Lookup:unable To Get Local Issuer Certificate Information forwarded to [email protected]: Bug#812708; Package ca-certificates. (Fri, 05 Feb 2016 15:42:13 GMT) Full text and rfc822 format available. Openssl Verify Self Signed Certificate asked 4 years ago viewed 3876 times active 4 years ago Blog Stack Overflow Gives Back 2016 Developers, Webmasters, and Ninjas: What’s in a Job Title?
eg: openssl s_client -CAfile /usr/local/share/certs/ca-root-nss.crt -connect google.com:443 2>&1 depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1 but remember: this site's cert path validates as navigate here Thank you for the details! > So I would like to see the "Thawte Premium Server CA" in the Debian > Jessie certificate store again very soon. Also see the source code of the openssl command line tool for more details: http://cvs.openssl.org/fileview?f=openssl/apps/s_client.c&v=1.169 (search for CAfile & SSL_CTX_load_verify_locations). Acknowledgement sent to Yvan - Dugwood <[email protected]>: Extra info received and forwarded to list. Error 18 At 0 Depth Lookup:self Signed Certificate
Afterwards I cannot connect to a specific TLS encrypted API via Curl anymore.The SSL cert in question is signed by thawte.curl https://example.com gives mecurl: (60) SSL certificate problem: unable to get Home » Tech » Curl: unable to get local issuer certificate. Should I find punctures by immersing inner tube in water or hearing brezze or feeling breeze or how else? Check This Out Can somebody explain how I might be able to get my target device verifying the certificate correctly in the same way as my build machine?
SSL Labs rating is A. Verify Error:num=20:unable To Get Local Issuer Certificate Acknowledgement sent to Rémi Rampin
Differentiating Among Assessment Services Review of IPv6 Essentials Posted SANS Network IPS Testing Webcast How the FCC Handles Radio Denial of Service Suggestions for Testing Bypass Switches Teaching Possibilities in Australia
I also compared my /etc/ssl/openssl.cnf with the working 10.2 machine, and that's identical as well. Message #34 received at [email protected] (full text, mbox, reply): From: Rich
Is this my problem? I did > find > out that the certificate issuer is Equifax Secure Certificate > Authority. > Obviously this is not one of the popular CA's such as > Acknowledgement sent to nandhp
openssl s_client -CApath /etc/ssl/certs -connect gmail-smtp-in.l.google.com:25 -starttls smtp CONNECTED(00000003) depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority verify return:1 depth=2 C = US, O = GeoTrust Acknowledgement sent to Tony den Haan
And if it works, e.g.