Unable to get local issuer certificate linux

Bitbucket Support

Knowledge base

Products

Jira Software

Project and issue tracking

Jira Service Management

Service management and customer support

Jira Core

Manage any business project

Confluence

Bitbucket

Git code management

Resources

Documentation

Usage and admin help

Community

Answers, support, and inspiration

Suggestions and bugs

Feature suggestions and bug reports

Marketplace

Billing and licensing

Frequently asked questions

Viewport

Confluence

SSL certificate problem: Unable to get local issuer certificate

Related content

Still need help?

The Atlassian Community is here for you.

Platform Notice: Server and Data Center Only — This article only applies to Atlassian products on the server and data center platforms .

Problem

The following is seen on the command line when pushing or pulling:

SSL Certificate problem: unable to get local issuer

Cause

This error occurs when a self-signed certificate cannot be verified.

Workaround

Tell git to not perform the validation of the certificate using the global option:

git config —global http.sslBackend schannel

git config —global http.sslVerify false

Please be advised disabling SSL verification globally might be considered a security risk and should be implemented only temporarily

Resolution — Client Side

Please notice that we refer to the Certificate Authority in this article by the acronym CA.

There are several ways this issue has been resolved previously. Below we suggest possible solutions that should be run on the client side:

Ensure the root cert is added to git.exe’s certificate store

Tell Git where to find the CA bundle, either by running:

where /absolute/path/to/git/certificates is the path to where you placed the file that contains the CA certificate(s).

or by copying the CA bundle to the /bin directory and adding the following to the gitconfig file:

Ensure that the complete certificate chain is present in the CA bundle file, including the root cert.

Resolution — Server Side

This issue can also happen on configurations where Bitbucket Server is secured with an SSL-terminating connector rather than a proxy

1. Ensure that the Java KeyStore has the entire certificate chain (Intermediate CA and Root CA)
   • View the Certificate Chain Details inside the KeyStore using a tool like the KeyStore Explorer to check

The following is seen on the command line when pushing or pulling: SSL Certificate problem: unable to get local issuer. This error occurs when a self-signed certificate cannot be verified.

Источник

Ubuntu WSL — «curl: (60) SSL certificate problem: unable to get local issuer certificate» #3843

Comments

seanwhitepc commented Dec 19, 2019 — with docs.microsoft.com

When running this command in WSL Ubuntu:

I get the following error:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
gpg: no valid OpenPGP data found.

I have «Ubuntu» installed, not the specific versions from the Microsoft Store.

Here is the verbose output:

sudo curl -v https://packages.microsoft.com/keys/microsoft.asc | sudo apt-key add —
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 —:—:— —:—:— —:—:— 0* Trying 40.76.35.62.

• TCP_NODELAY set
• Connected to packages.microsoft.com (40.76.35.62) port 443 (#0)
• ALPN, offering h2
• ALPN, offering http/1.1
• successfully set certificate verify locations:
• CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
  > [5 bytes data]
• TLSv1.3 (OUT), TLS handshake, Client hello (1):
  > [512 bytes data]
• TLSv1.3 (IN), TLS handshake, Server hello (2):
  < [81 bytes data]
• TLSv1.2 (IN), TLS handshake, Certificate (11):
  < [2542 bytes data]
• TLSv1.2 (OUT), TLS alert, Server hello (2):
  > [2 bytes data]
• SSL certificate problem: unable to get local issuer certificate
• stopped the pause stream!
  0 0 0 0 0 0 0 0 —:—:— —:—:— —:—:— 0
• Closing connection 0
  curl: (60) SSL certificate problem: unable to get local issuer certificate
  More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
gpg: no valid OpenPGP data found.

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: d0f184b8-7d7c-9376-06bf-a08f10ccf30f
• Version Independent ID: 5c233e69-31e2-51ec-7820-2b5326a7a64c
• Content: Configure Linux repositories for SQL Server 2017 and 2019 — SQL Server
• Content Source: docs/linux/sql-server-linux-change-repo.md
• Product: sql
• Technology: linux
• GitHub Login: @VanMSFT
• Microsoft Alias: vanto

The text was updated successfully, but these errors were encountered:

Источник

Certificate Verification Error: unable to get local issuer certificate #1608

Comments

passos commented Oct 13, 2016 •

Steps to reproduce the problem:

1. on CentOS 7, install all dependencies
2. install mitmproxy from source code https://github.com/mitmproxy/mitmproxy.git, commit: 8be0d78
3. setup proxy server on mobile, install mitmproxy certificate from mitm.it
4. open https://baidu.com in browser

What is the expected behavior?

What went wrong?

browser shows an error message:

502 Bad Gateway. Certificate Verification Error for www.baidu.com: unable to get local issuer certificate (errno: 20, depth: 2)

https://baidu.com or https://google.com doesn’t work, but some https sites like github.com works. Here is the log for https://github.com

Any other comments? What have you tried so far?

1. I tried to update the certificates on centos by yum install ca-certificates , doesn’t work.
2. I tried to verify the certificate by openssl on this centos server, it looks good

1. I tried to deploy same version on my Macbook laptop, it works.

Mitmproxy Version: 0.18, commit: 8be0d78
Operating System: CentOS 7

The text was updated successfully, but these errors were encountered:

mhils commented Oct 14, 2016

Thanks for the report!
I cannot reproduce this on Ubuntu or Windows. If I understand you correctly, you also tried OSX and that worked, so it’s presumably a CentOS issue? mitmproxy uses the certifi CA bundle by default, not the OS ca-certificates bundle.

Two questions for you:

1. Which certifi version are you running?
2. Which version of OpenSSL are you using (as reported by mitmproxy —sysinfo )?

mhils commented Oct 22, 2016

Closing this for inactivity, please let comment here if the issue still persists!

danielguerra69 commented Oct 24, 2016

I had the same using libressl. With openssl it’s working fine

mounty1 commented Nov 3, 2016

Also encountering this on OEL, which is based on CentOS/Red-Hat:

chinalu commented Nov 18, 2016

I have the same problem:

mitmproxy —sysinfo

Mitmproxy version: 0.18.2
Python version: 2.7.11
Platform: Linux-2.6.32-431.el6.x86_64-x86_64-with-centos-6.5-Final
SSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
Linux distro: CentOS 6.5 Final

zts-rbecker commented Nov 18, 2016 •

Seeing the same issue trying to access www.google.com through mitmproxy:
mitmproxy —sysinfo

Mitmproxy version: 0.18.2
Python version: 2.7.11
Platform: Linux-2.6.32-431.29.2.el6.x86_64-x86_64-with-centos-6.5-Final
SSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
Linux distro: CentOS 6.5 Final

SriVR commented Dec 1, 2016

Me too facing same issues
mitmproxy —sysinfo
Mitmproxy version: 0.18.2
Python version: 3.5.2
Platform: Linux-2.6.32-642.4.2.el6.x86_64-x86_64-with-redhat-6.8-Santiago
SSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
Linux distro: Red Hat Enterprise Linux Workstation 6.8 Santiago

Son9o commented Dec 18, 2016

https://www.google.com/loc/m/api
← Certificate Verification Error for www.google.com: unable to get local issuer certificate (errno: 20, depth: 2)
Mitmproxy version: 0.19
Python version: 3.5.1
Platform: Linux-3.10.0-514.2.2.el7.x86_64-x86_64-with-centos-7.3.1611-Core
SSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
Linux distro: CentOS Linux 7.3.1611 Core

using as transparent proxy for android app debugging, could it be perhaps that android app is checking against it’s own bundle?

mhils commented Dec 18, 2016

The error you are seeing happens when we cannot validate the server’s certificate. This may happen because the remote’s server cert is self-signed, but looking at the other reports here, CentOS/RHEL does something weird.
Certificate verification errors on the client end would trigger a different message.

kennytm commented Dec 24, 2016

If you don’t care about security, you may run mitmproxy —insecure (or mitmweb —insecure ) to skip verification.

avyang commented Jan 19, 2017 •

I have the same issue on centos 7:
Mitmproxy version: 1.0.2
Python version: 3.6.0
Platform: Linux-3.10.0-327.10.1.el7.x86_64-x86_64-with-centos-7.2.1511-Core
SSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
Linux distro: CentOS Linux 7.2.1511 Core

but no problem on ubuntu 16.04:
Mitmproxy version: 1.0.1
Python version: 3.5.2
Platform: Linux-4.4.0-59-generic-x86_64-with-Ubuntu-16.04-xenial
SSL version: OpenSSL 1.0.2g 1 Mar 2016
Linux distro: Ubuntu 16.04 xenial

Источник

OpenSSL «unable to get local issuer certificate» after following guide #363

Comments

siddo420 commented Feb 25, 2016

I followed every step but I still get the error when I run test openssl command

I used Knuff and that seems to work fine and sending notifications to my development app from the same Macbook.

Also, I need the certificate and key to use for pushd which uses node-apn behind the scenes.

The text was updated successfully, but these errors were encountered:

argon commented Feb 25, 2016

Which openssl step fails?

siddo420 commented Feb 25, 2016

I did not get any errors from openssl command, but when I run the test command

I get this error

I have already checked ports etc and Knuff works so that should not be an issue.

argon commented Feb 25, 2016

You probably need to include the intermediate certificates in the certificate file.

If your certificate is newly generated you will likely need the WWDR Certificate (Expiring 02/07/23) along with the Apple Inc. Root Certificate.

Download each of them, convert them to PEM format and append to your cert.pem file

argon commented Feb 25, 2016

You should use more descriptive titles for your issues. I can see you frequently open issues with useless titles like «question» or «error». You’re not helping anyone by doing that, in fact some people are less likely to look at it properly.

Give issues more descriptive titles and people are going to find it much easier to help you. That way everyone benefits.

siddo420 commented Feb 25, 2016

sorry about the title . I am sick and tired of fighting with these Apple certificate issues for the past several days (first Safari push which still does not work and now this iOS thing).

You’re right, certificate is new. I followed the steps you mentioned but same error again. I can’t seem to get past this thing.

openssl x509 -inform der -in entrust_2048_ca.cer -outform pem >> cert.pem

but got an error: unable to load certificate

argon commented Feb 25, 2016

If you could email me the certificate at the email address on my github profile I will fix it for you.

Источник

SSL Certificate Problem: Unable to get Local Issuer Certificate #8900

Comments

duddukurimd commented Aug 7, 2020

We have a shared resource collection that is being used by our team. Till now we are able to hit our applications from Postman, but suddenly one after one resource started getting the below error message while hitting our applications.

Error: Unable to get local issuer certificate.

We need to activate SSL validation for hitting our applications.

Image 1: even when we have added the valid certificate and correct configuration, getting the below error:

Image 2: When we diable the SSL validation, getting the below error while hitting our application API’s

Note: we need a Certificate as part of our request, we have added the necessary certificate details in our local postman and it was working as expected till 2 days back. Suddenly around 4-5 resources started facing the above the mentioned error message while hitting our APIs. For remaining resource who has a similar setup is working as expected and we tried multiple options that we found around Postman forum and no luck in resolving the issue. Now we are worried if all the resources might get impacted due to the same issue.

Looking for fix on the above request.

The text was updated successfully, but these errors were encountered:

Источник