https://community.checkpoint.com/t5/General-Topics/curl-60-SSL-certificate-problem-unable-to-get-local-issuer/m-p/67763#M13845 <P>Hi,<BR />I have a problem with HTTPS Inspection to access a site.<BR />When I do a curl_cli I get the error "curl: (60) SSL certificate problem: unable to get local issuer certificate".<BR />In the dashboard the certificate exists, but when I look inside the bundle certificate via ssh I can't see the root certificate.<BR />I tried to insert the certificate by hand, and when I curl with the&nbsp;--cacert $CPDIR/conf/ca-bundle.crt parameter no error is displayed, but when I curl without specifying the path, which should take the default path, I get the same error.<BR />Does anyone have any ideas how to resolve this error?</P> Mon, 18 Nov 2019 20:15:42 GMT Rodrigo_Silva 2019-11-18T20:15:42Z https://community.checkpoint.com/t5/General-Topics/curl-60-SSL-certificate-problem-unable-to-get-local-issuer/m-p/67763#M13845 <P>Hi,<BR />I have a problem with HTTPS Inspection to access a site.<BR />When I do a curl_cli I get the error "curl: (60) SSL certificate problem: unable to get local issuer certificate".<BR />In the dashboard the certificate exists, but when I look inside the bundle certificate via ssh I can't see the root certificate.<BR />I tried to insert the certificate by hand, and when I curl with the&nbsp;--cacert $CPDIR/conf/ca-bundle.crt parameter no error is displayed, but when I curl without specifying the path, which should take the default path, I get the same error.<BR />Does anyone have any ideas how to resolve this error?</P> Mon, 18 Nov 2019 20:15:42 GMT https://community.checkpoint.com/t5/General-Topics/curl-60-SSL-certificate-problem-unable-to-get-local-issuer/m-p/67763#M13845 Rodrigo_Silva 2019-11-18T20:15:42Z https://community.checkpoint.com/t5/General-Topics/curl-60-SSL-certificate-problem-unable-to-get-local-issuer/m-p/67983#M13898 If you're going through a gateway doing HTTPS Inspection, the only certificate you really need to trust is the gateway CA.<BR />So why not create a file with just the HTTPS Inspection CA key and refer to that with the --cacert flag? Thu, 21 Nov 2019 10:08:28 GMT https://community.checkpoint.com/t5/General-Topics/curl-60-SSL-certificate-problem-unable-to-get-local-issuer/m-p/67983#M13898 PhoneBoy 2019-11-21T10:08:28Z https://community.checkpoint.com/t5/General-Topics/curl-60-SSL-certificate-problem-unable-to-get-local-issuer/m-p/68009#M13905 <P>I'm catching this error doing a curl_cli straight from the gateway to the site.<BR />The user cannot open the site, and I only see Inpect in the logs with user source.<BR />The certificate I am experiencing is Amazon Root CA 1. (<A href="https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authentication-certs" target="_blank">https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authentication-certs</A>).</P> Thu, 21 Nov 2019 13:26:59 GMT https://community.checkpoint.com/t5/General-Topics/curl-60-SSL-certificate-problem-unable-to-get-local-issuer/m-p/68009#M13905 Rodrigo_Silva 2019-11-21T13:26:59Z https://community.checkpoint.com/t5/General-Topics/curl-60-SSL-certificate-problem-unable-to-get-local-issuer/m-p/68178#M13940 Is the CA keys specified in the URL you mentioned in the CA Certificate Store for HTTPS Inspection?<BR /> Sat, 23 Nov 2019 03:45:23 GMT https://community.checkpoint.com/t5/General-Topics/curl-60-SSL-certificate-problem-unable-to-get-local-issuer/m-p/68178#M13940 PhoneBoy 2019-11-23T03:45:23Z https://community.checkpoint.com/t5/General-Topics/curl-60-SSL-certificate-problem-unable-to-get-local-issuer/m-p/68709#M14013 <P>Sorry. I found that curl_cli returns certificate error when it is declared with https:// in the URL.</P><P>Thanks for your time.</P> Wed, 27 Nov 2019 18:09:19 GMT https://community.checkpoint.com/t5/General-Topics/curl-60-SSL-certificate-problem-unable-to-get-local-issuer/m-p/68709#M14013 Rodrigo_Silva 2019-11-27T18:09:19Z