This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Rodrigo_Silva
Contributor
‎2019-11-18 12:15 PM

curl: (60) SSL certificate problem: unable to get local issuer certificate

Hi,
I have a problem with HTTPS Inspection to access a site.
When I do a curl_cli I get the error "curl: (60) SSL certificate problem: unable to get local issuer certificate".
In the dashboard the certificate exists, but when I look inside the bundle certificate via ssh I can't see the root certificate.
I tried to insert the certificate by hand, and when I curl with the --cacert $CPDIR/conf/ca-bundle.crt parameter no error is displayed, but when I curl without specifying the path, which should take the default path, I get the same error.
Does anyone have any ideas how to resolve this error?

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2019-11-21 02:08 AM

If you're going through a gateway doing HTTPS Inspection, the only certificate you really need to trust is the gateway CA.
So why not create a file with just the HTTPS Inspection CA key and refer to that with the --cacert flag?
0 Kudos
Rodrigo_Silva
Contributor
‎2019-11-21 05:26 AM
In response to PhoneBoy

I'm catching this error doing a curl_cli straight from the gateway to the site.
The user cannot open the site, and I only see Inpect in the logs with user source.
The certificate I am experiencing is Amazon Root CA 1. (https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authenticati...).

0 Kudos
PhoneBoy
Admin
Admin
‎2019-11-22 07:45 PM
In response to Rodrigo_Silva

Is the CA keys specified in the URL you mentioned in the CA Certificate Store for HTTPS Inspection?
0 Kudos
Rodrigo_Silva
Contributor
‎2019-11-27 10:09 AM
In response to PhoneBoy

Sorry. I found that curl_cli returns certificate error when it is declared with https:// in the URL.

Thanks for your time.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events