
plurals
  1. PO
    primarykey
    data
    text
    <p>The first error message is telling you more about the problem:</p> <blockquote> <p>verify error:num=20:unable to get local issuer certificate</p> </blockquote> <p>The issuing certificate authority of the end entity server certificate is</p> <blockquote> <p>VeriSign Class 3 Secure Server CA - G3</p> </blockquote> <p>Look closely in your CA file - you will <em>not</em> find this certificate since it is an intermediary CA - what you found was a <em>similar-named</em> G3 Public Primary CA of VeriSign.</p> <p>But why does the other connection succeed, but this one doesn't? The problem is a misconfiguration of the servers (see for yourself using the <code>-debug</code> option). The "good" server sends the entire certificate chain during the handshake, therefore providing you with the necessary intermediate certificates.</p> <p>But the server that is failing sends you <em>only</em> the end entity certificate, and OpenSSL is not capable of downloading the missing intermediate certificate "on the fly" (which would be possible by interpreting the Authority Information Access extension). Therefore your attempt fails using <code>s_client</code>, but it would succeed nevertheless if you browse to the same URL using e.g. Firefox (which does support the "certificate discovery" feature).</p> <p>Your options to solve the problem are either fixing this on the server side by making the server send the entire chain, too, or by passing the missing intermediate certificate to OpenSSL as a client-side parameter.</p>