Unable to get issuer certificate/Unable to get local issuer certificate

1
votes

I have a requirement where my REST service in node js needs to be consumed over HTTPS. For enabling HTTPS, we need to have 3 params - One key file, once cert file and ca file. For consuming this service, we need to have only the ca file.

I created a set of fresh self signed certificates using Open SSL and I am able to consume my service.

Now, For production deployment, we cannot go with self signed certificates. So, received a key file, cert file and ca file from Certificate authority. Unlike in the self signed certificate I was using, the ca file from Certificate authority contains 2 CA cers -- One Root CA & One Child CA.

While attempting to consume the HTTPS service using this CA file, I am consistently getting error saying : Unable to get issuer certificate/Unable to get local issuer certificate.

Using OpenSSL command, I validated the key & cert files -- Modulus for both match perfectly.

Also, when I attempt to check if the cert was issued using the CA file, I am getting the same error. whereas with the self signed certificates, I am getting Okay response.

Any help would be appreciated.

Thanks in Advance.

1
node.jshttpsopenssl
Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See What topics can I ask about here in the Help Center. Perhaps Super User, Web Apps Stack Exchange or Webmaster Stack Exchange would be a better place to ask.jww
You can use ssllabs.com/ssltest to get informations about what's wrong in your certificate chainTom

1 Answers

3
votes

The issue is likely caused by a missing certificate chain. If you purchased the certificate from a CA, make sure you properly packaged and deployed the intermediate certificate chain along with your final certificate.

Otherwise, your certificate will be flagged as invalid because the client will not be able to traverse the issuance chain from your certificate up to the root certificate.