curl: (60) SSL certificate problem: unable to get local issuer certificate

Hi,
I have a problem with HTTPS Inspection to access a site.
When I do a curl_cli I get the error "curl: (60) SSL certificate problem: unable to get local issuer certificate".
In the dashboard the certificate exists, but when I look inside the bundle certificate via ssh I can't see the root certificate.
I tried to insert the certificate by hand, and when I curl with the --cacert $CPDIR/conf/ca-bundle.crt parameter no error is displayed, but when I curl without specifying the path, which should take the default path, I get the same error.
Does anyone have any ideas how to resolve this error?

0 Kudos
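The bundle check described in the question above, as an added example that is not part of the original thread: it splits a PEM bundle into individual certificates and reports whether a named CA is present. It assumes `bash`, `awk` and `openssl` are available on the host; the function names `bundle_subjects` and `bundle_has_ca` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical.
# Lists every certificate in a PEM bundle and checks for a named CA.

# Print "subject|notAfter" for each certificate in the bundle, one per line.
bundle_subjects() {
    local bundle=$1 tmp f info
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate; text between
    # certificates (comments, labels) is ignored.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%04d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"
    for f in "$tmp"/cert*.pem; do
        [ -e "$f" ] || continue
        if info=$(openssl x509 -in "$f" -noout -subject -enddate 2>/dev/null); then
            printf '%s\n' "$info" | paste -sd'|' -
        else
            # A truncated or hand-edited entry fails to parse; report it.
            printf 'UNPARSEABLE: %s\n' "${f##*/}"
        fi
    done
    rm -rf "$tmp"
}

# Return 0 if any certificate subject in the bundle contains the given string.
bundle_has_ca() {
    bundle_subjects "$1" | grep -F -- "$2" >/dev/null
}

# Script usage: ./check_bundle.sh BUNDLE "CA name"
if [ "$#" -eq 2 ]; then
    bundle_subjects "$1"
    if bundle_has_ca "$1" "$2"; then
        echo "found: $2"
    else
        echo "MISSING: $2"
    fi
fi
```

Run against the file named in the question, for example with `$CPDIR/conf/ca-bundle.crt` and `"Amazon Root CA 1"` as the two arguments. A CA that was pasted in by hand but shows up as `UNPARSEABLE` was not added as valid PEM.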
4 Replies
Admin

If you're going through a gateway doing HTTPS Inspection, the only certificate you really need to trust is the gateway CA.
So why not create a file with just the HTTPS Inspection CA key and refer to that with the --cacert flag?
0 Kudos

I'm catching this error doing a curl_cli straight from the gateway to the site.
The user cannot open the site, and I only see Inspect in the logs with user source.
The certificate I am experiencing is Amazon Root CA 1. (https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authenticati...).

0 Kudos
Admin

Are the CA keys specified in the URL you mentioned in the CA Certificate Store for HTTPS Inspection?
0 Kudos

Sorry. I found that curl_cli returns a certificate error when it is declared with https:// in the URL.

Thanks for your time.

0 Kudos