SSL Certificate verify result

Question

I changed the CA from symantec to Entrust, and after updating the URL certs to the new one, when i run the curl "curl -k -vv  IP:443" command to verify the ssl status, it give this error&nbsp;
SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.&nbsp;
earlier it used to say SSL verify OK or something. can someone throw some light on this for my understanding?&nbsp;
regards,
Amarz&nbsp;

surgeon · Answer

curl has no build CAs database as browsers have. 
Because of that you are getting the error but since you used -k key it allows curl to proceed further.&nbsp;
If you want to use CA cert to verify server's cert then you can use --cacert/--capath&nbsp;

samir_jha_52506 · Answer

@Amarz, Seems you are running this command on local system, where curl has install but system is not giving CA-bundle cert to verify. Generally in F5 it store "CAfile: /etc/pki/tls/certs/****"
Error: unable to get local issuer certificate (20), continuing anyway.
I would recommend you to run curl command on LB device device, where CA-bundle is available. Small modification require in command.
        curl -k -vv https://

let us know if any question.

Forum Discussion

SSL Certificate verify result

Recent Discussions

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

How to Renew F5 Device Certificate

Related Content

why the device certificate verify failed when the device certificate is not expired?

Automating ACMEv2 Certificate Management on BIG-IP

Help F5 Transform the BIG-IP Administrator Certification

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS