SSL Certificate verify result

Question

I changed the CA from symantec to Entrust, and after updating the URL certs to the new one, when i run the curl "curl -k -vv  IP:443" command to verify the ssl status, it give this error&nbsp;
SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.&nbsp;
earlier it used to say SSL verify OK or something. can someone throw some light on this for my understanding?&nbsp;
regards,
Amarz&nbsp;

surgeon · Answer

curl has no build CAs database as browsers have. 
Because of that you are getting the error but since you used -k key it allows curl to proceed further.&nbsp;
If you want to use CA cert to verify server's cert then you can use --cacert/--capath&nbsp;

samir_jha_52506 · Answer

@Amarz, Seems you are running this command on local system, where curl has install but system is not giving CA-bundle cert to verify. Generally in F5 it store "CAfile: /etc/pki/tls/certs/****"
Error: unable to get local issuer certificate (20), continuing anyway.
I would recommend you to run curl command on LB device device, where CA-bundle is available. Small modification require in command.
        curl -k -vv https://

let us know if any question.

Forum Discussion

SSL Certificate verify result

2 Replies

Recent Discussions

Advise on setting up IRULE

Chrome V 124+ on MacOS - Virtual Server Access Issue

Port Group on F5OS network setting

F5Access | MacOS Sonoma

Rewrite uri translation not working

Related Content

Verified Design: SSL Orchestrator with Palo Alto NGFW Virtual Edition-Part 1

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Verified Design: SSL Orchestrator with McAfee Web Gateway-Part 1

Re: Management Certificate

Automate Let's Encrypt Certificates on BIG-IP