SSL Certificate error: verify error:num=20:unable to get local issuer certificate

Posted by Brian on Server Fault See other posts from Server Fault or by Brian
Published on 2011-01-21T22:24:24Z Indexed on 2012/09/02 3:40 UTC
Read the original article Hit count: 1255

Filed under:
|

I've been trying to get an SSL connection to an LDAPS server (Active Directory) to work, but keep having problems. I tried using this:

openssl s_client -connect the.server.edu:3269 

With the following result:

verify error:num=20:unable to get local issuer certificate 

I thought, OK, well server's an old production server a few years old. Maybe the CA isn't present. I then pulled the certificate from the output into a pem file and tried:

openssl s_client -CAfile mycert.pem -connect the.server.edu:3269

And that didn't work either.

What am I missing? Shouldn't that ALWAYS work?

© Server Fault or respective owner

Related posts about ssl

Related posts about openssl