Page 1 of 1

Understanding SSL Verification Failer Message: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY

Posted: Tue Apr 14, 2020 9:24 am
by aashish97
Hello All,

In this post, I am trying to cover a very important problem statement faced by most of the users which results in bad user experience.
And for the use case we are using website : msme.gov.in

As per your request to access Website: msme.gov.in which was not getting accessed since it was having SSL Error.
This SSL Error occurs when the Remote Server [in this case msme.gov.in ] does not provide SSL Certificate Chain during SSL Handshake.
This SSL Error is Misconfiguration of SSLCertificateChain on Remote Server.

Note :
This error can also occur if the SSL certificate stack
that SafeSquid uses does not contains the intermediate certificate who signed the websites SSL certificate AND the webserver hosting that site failed to problem the complete SSL chain during the SSL handshake.
The SSL stack used by SafeSquid is missing with few top intermediate and root ca certificate which will be then fixed in the later versions.
But it is mandatory that the webserver should provide the complete SSL certificate chain during the SSL handshake.

SSL Certificate Chain can be Tested & Verified Over here: https://whatsmychaincert.com/?msme.gov.in

SSL Certificate Chain Analysis SnapShot of msme.gov.in
msme.gov.in-certifcatechainerror.png
msme.gov.in-certifcatechainerror.png (25.42 KiB) Viewed 1799 times