What does the UNIX error message: TLS/SSL failure: myserver: unable to get local issuer certificate mean?
An SSL or TLS session encryption failed because your system does not have the Certificate Authority (CA) certificates installed on OpenSSL’s certificates directory. On most systems, this directory is /usr/local/ssl/certs). As a result, it is not possible to validate the server’s certificate. If CA certificates are properly installed, you should see factory.pem and about a dozen other .pem names such as thawteCb.pem. As a workaround, you can use the /novalidate-cert option in the mailbox name to disable validation of the certificate; however, note that you are then vulnerable to various security attacks by bad guys. The correct fix is to copy all the files from the certs/ directory in the OpenSSL distribution to the /usr/local/ssl/certs (or whatever) directory. Note that you need to do this after building OpenSSL, because the OpenSSL build creates a number of needed symbolic links. For some bizarre reason, the OpenSSL “make install” doesn’t do this for you, so you must do it manually.
Related Questions
- What does the UNIX error message: TLS/SSL failure: myserver: unable to get local issuer certificate mean?
- I get an error message saying certificate has expired when i try to use the online payment form. Why?
- What does the error message: TLS/SSL failure: myserver: Server name does not match certificate mean?
