SSL Error: unable to get local issuer certificate

An SSL certificate serves as a vital safeguard for securing the communication between a server and a browser, thwarting any unauthorized interception of sensitive data by third parties. It facilitates SSL/TLS encryption, encapsulating the website's public key and identity, while encompassing essential information for ensuring the integrity and authenticity of the website.


how to solve unable to get local issuer certificate

Reason for unable to get local issuer certificate

The SSL certificate serves a crucial role in verifying authentication and ensuring secure data exchange between the server and the client, achieved through the HTTPS protocol. During the SSL handshake, the client receives the server's certificate and its private key to establish the SSL connection. To ensure trust in the server's certificate and prevent man-in-the-middle attacks, the client must possess the CA certificate that signed the server certificate. However, in this case, the TLS server fails to send the complete certificate chain during the handshake, specifically omitting the intermediate certificate, which is essential according to standards.

Solution: Unable to get Local Issuer Certificate

The most effective solution to address this issue is to obtain a reliable SSL certificate from a trustworthy Certificate Authority (CA) and properly install it. However, it is essential for the server administrators to address the root cause of the problem, as this issue is related to the server setup. By rectifying the server configuration, the complete certificate chain, including the intermediate certificate, should be sent during the handshake, ensuring a secure and seamless SSL connection.

Change php.ini (Maintain SSL)

  1. Download cacert.pem from https://curl.haxx.se/ca/cacert.pem
  2. Then, copy cacert.pem into your version of zend/openssl.
    For example, '/usr/local/openssl0.9.8/certs/cacert.pem'.
  3. Mdify the CURL configuration by adding:
    "cainfo = '/usr/local/openssl-0.9.8/certs/cacert.pem'"

Without Altering php.ini file (Maintain SSL)

$ch = curl_init(); $certificate_location = '/usr/local/openssl-0.9.8/certs/cacert.pem'; curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $certificate_location); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $certificate_location);

For .CRT Format

  1. Go for the SSL bundle – ca-bundle.crt
  2. You can acquire the SSL bundle by copying the below URL content on your server.
  3. https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt

Restart PHP

Different servers have different ways to restart PHP. After restarting PHP and see whether the CURL is able to read HTTPS URL or not.

Git Users

To help Git find the CA bundle, use the below-mentioned command:

git config –system http.sslCAPath /absolute/path/to/git/certificates

Temporary Fix

Use the following command to disable the verification of your SSL certificate :

git config –global http.sslVerify false

If neither of the two options work, consider removing and reinstalling Git .


how to fix SSL Error: unable to get local issuer certificate

Disable SSL (Not advisable)

$ch = curl_init(); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

Disabling SSL certificate verification is a possible approach, but it should only be used for experimental purposes and never in a production environment. By disabling certificate verification, your program will bypass the standard SSL authentication process, which can potentially lead to security vulnerabilities and expose your system to potential threats. It is crucial to use this method with extreme caution and only for testing purposes, while ensuring that proper SSL certificate verification is enabled in a production setting to maintain a secure and trustworthy communication channel between the server and the client.

Conclusion

The SSL error "unable to get local issuer certificate" occurs when the server's certificate chain is not properly configured, and the client cannot verify the authenticity of the certificate. This error can be resolved by ensuring that the server's SSL certificate is purchased from a trusted Certificate Authority (CA) and properly installed, while also making sure the server's configuration includes the complete certificate chain to establish a secure SSL connection.






Related Topics
  1. How to Print Screen
  2. How to View Hidden Files in Windows 11, 10, 8 and 7
  3. Fahrenheit to Celsius Temperatire Conversion Formula
  4. How to zip files - Compress and uncompress files
  1. How to Use Robocopy
  2. How to WMIC ?
  3. How to recover deleted files
  4. Microsoft Outlook POP3 Settings, Microsoft Outlook IMAP Settings
  5. How to Update Windows 11
  6. What is Three-Tier Architecture ?
  7. What Is an API (Application Program Interface) ?
  8. Differences Between HTML4 And HTML5
  9. How to choose the best antivirus software
  10. How to Embed a YouTube Video in Your Website
  11. what is the difference between x64 and x86
  12. Learn Multiplication of Tables
  13. What is a Proxy Server?
  14. How to use a Google Android phone as a Wi-Fi hotspot
  15. How to automatically redirect a Web Page to another URL
  16. How to Download YouTube Videos
  17. What is a Phishing Attack ? How can I avoid them?
  18. What is a Call To Action?
  19. What's the Difference Between JPG and PNG?
  20. What Is a "500 Internal Server Error" and How Do I Fix It?
  21. What is the difference between OTF and TTF fonts
  22. How to enable flash player on chrome
  23. How to Select a Video Editing Software
  24. Why am I getting a "Your connection is not private error" in Chrome
  25. How to block "Deceptive site ahead" security error?
  26. Crypto for beginners: What is cryptocurrency?
  27. What is Bitcoin and how does it work?
  28. How to fix HTTP Error 502 Bad gateway
  29. GET url returns "data:text/html,chromewebdata"
  30. Chrome:Your Clock Is Ahead / Your Clock Is Behind Error
  31. How to fix ERR_UNKNOWN_URL_SCHEME
  32. SSL Error on Port 443
  33. How to Fix This Site Can't Be Reached Error in Chrome
  34. A disk read error occurred, Press Ctrl+Alt+Del to restart
  35. How to use System Restore on Windows 10
  36. What is HTTP error 503 and how do you fix it?
  37. How to get help in Windows 10
  38. How To Disable Windows 10 Forced Updates
  39. How to Fix Google Chrome Error - ERR_SSL_PROTOCOL_ERROR
  40. How to reset windows 10 password
  41. What is Blockchain?
  42. How To Fix: ERR_PROXY_CONNECTION_FAILED
  43. Unable to send mail through smtp.gmail.com
  44. How to fix DNS_PROBE_FINISHED_NXDOMAIN
  45. How to use GTMetrix to Speed up Your Website?
  46. How to fix System Thread Exception Not Handled Error
  47. How to fix ERR_INTERNET_DISCONNECTED Error
  48. WiFi Connected But No Internet Access – How to Fix?
  49. How to fix a HTTP Error 400: Bad Request?
  50. What is Deprecation
  51. How to Fix a 403 Forbidden Error
  52. What is the maximum length of a URL in different browsers?
  53. How to Fix the ERR_CONNECTION_TIMED_OUT Error
  54. What does localhost:8080 mean?
  55. How to reduce initial server response time
  56. 414 Request-URI Too Long - HTTP
  57. Message channel closed before a response was received