tech.safesquid.com

SafeSquid SWG Community Support
http://tech.safesquid.com/forum/

X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY

http://tech.safesquid.com/forum/viewtopic.php?f=56&t=77

Page 1 of 1

X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY

Posted: Mon Jun 24, 2019 11:51 am
by samidha
SSL Verification Error While Trying To Access payment.gst.gov.in
We are getting error while accessing GST website.The same website was working till last Friday.
This normally means that the list of trusted certificates is not complete. So we add the domain gst.gov.in on Profile : NO ISSUER SITE but still we are getting same error, as of now we have provided open proxy to user considering the payment issue. Request you to verify and revert.
Template :
SSL Connection to payment.gst.gov.in:443 denied
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: The issuer certificate of a locally looked up certificate could not be found. This normally means that the list of trusted certificates is not complete.

Re: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY

Posted: Mon Jun 24, 2019 11:52 am
by samidha
Let me Explain you the Scenario,
Why did you all got a SSL Verification Error while trying to access payment.gst.gov.in
also you did not face it prior one day, it was faced recently
The Site: payment.gst.gov.in have recently renewed their SSL Certificate
Screenshot 1 :
image.png
image.png (13.76 KiB) Viewed 1885 times
Screenshot 2:
image.png
image.png (12.18 KiB) Viewed 1882 times

Re: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY

Posted: Mon Jun 24, 2019 11:52 am
by samidha
Over here in the above 2 Screenshot, I have highlighted the Date when the SSL Certificate for Site : payment.gst.gov.in was issued
it was recently renewed on 3rd June 2019
Also the date does not mean that it is the same date when the certificate was installed on the payment.gst.gov.in server.
If you have visited payment.gst.gov.in on 8th June 2019(Saturday), in this case the certificate was installed on the payment.gst.gov.in server most probably on Saturday Night or on Sunday or can be even on Monday Morning, it can be on any day.
When you installed the New Certificate, you have not configured a very important configuration on web-server which specifies the Certificate Chain.
This is very important as it is an inbuilt mechanism in SafeSquid that checks Incomplete Certificate Chain errors.
i.e If the Server fails to provide proper SSL Certificate Chains or Incomplete Certificate chain, SafeSquid will block that website and will show you the error as :
SSL Connection to payment.gst.gov.in:443 denied
X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: The issuer certificate of a locally looked up certificate could not be found.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/