X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate
When a browser connects to a website through a proxy, the proxy presents itself to the browser as that website, like a clone. To do this, the proxy has to connect to the actual website. During that connection, the website and the proxy perform an SSL handshake, in which the SSL certificates are exchanged and validated. For this validation, the proxy has a bundle of trusted certificates that are known to it.
When SafeSquid (the proxy) receives an SSL certificate from the website, the certificate chain may be broken or misconfigured somewhere in the middle. The error "ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY" means that either the certificate chain received from the website is not trusted by SafeSquid, or SafeSquid cannot find the root issuer.
To resolve this issue, follow the steps below.
We need to add the website's certificate to the SafeSquid trusted bundle.
In the PuTTY session, log in as "root" and go to the path:
$ cd /var/db/safesquid/ssl/badcerts/incometax.gov.in
To open and view this certificate, run the command:
$ cat eportal.incometax.gov.in
Copy the certificate from the line "-----BEGIN CERTIFICATE-----" down to the bottom line "-----END CERTIFICATE-----" and paste it into Notepad.
Again in the PuTTY session, go to the path:
$ cd /usr/local/safesquid/ssl/trusted
To create a file in this folder, run the command:
$ nano eportal.incometax.gov.in.crt
Copy the certificate from Notepad and paste it into this file.
Press Ctrl+O to save and Ctrl+X to exit the file.
Now, restart SafeSquid with the command:
$ /etc/init.d/safesquid restart
Finally, hard restart the browser. The website should work fine now.
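The copy-and-paste steps above can also be done in one pass on the server. The shell functions below are an added example, not SafeSquid's own tooling: they pull the first PEM block out of the saved file, print its subject, issuer, validity and SHA-256 fingerprint for review, and only then write it to the destination. The function names are hypothetical, the paths in the usage comment are the ones from this article, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example (not SafeSquid code). Function names are hypothetical.

# Print the first PEM certificate block in file $1, dropping surrounding
# text and the carriage returns that a Windows editor may have added.
extract_first_cert() {
    awk '
        { sub(/\r$/, "") }
        /^-----BEGIN CERTIFICATE-----$/ { inblock = 1 }
        inblock { print }
        /^-----END CERTIFICATE-----$/ { if (inblock) exit }
    ' "$1"
}

# Number of certificates in file $1; a saved chain may hold several.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# Subject, issuer, validity and SHA-256 fingerprint, to compare against a
# copy of the site certificate obtained over a separate, trusted path.
inspect_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}

# $1 = file saved by the proxy, $2 = destination .crt in the trusted folder.
install_trusted_cert() {
    src=$1; dst=$2
    tmp=$(mktemp) || return 1
    extract_first_cert "$src" > "$tmp"
    if [ ! -s "$tmp" ]; then
        echo "no PEM certificate found in $src" >&2; rm -f "$tmp"; return 1
    fi
    if [ "$(count_certs "$src")" -gt 1 ]; then
        echo "note: $src holds several certificates, using the first" >&2
    fi
    if ! inspect_cert "$tmp"; then          # also proves the PEM parses
        echo "cannot parse certificate in $src" >&2; rm -f "$tmp"; return 1
    fi
    if ! openssl x509 -in "$tmp" -noout -checkend 0 >/dev/null; then
        echo "certificate in $src has expired" >&2; rm -f "$tmp"; return 1
    fi
    cp "$tmp" "$dst" && chmod 0644 "$dst"; rc=$?
    rm -f "$tmp"; return $rc
}
# Usage with the paths from the article (then restart SafeSquid as described):
#   install_trusted_cert \
#     /var/db/safesquid/ssl/badcerts/incometax.gov.in/eportal.incometax.gov.in \
#     /usr/local/safesquid/ssl/trusted/eportal.incometax.gov.in.crt
```

Review the printed issuer and fingerprint before restarting SafeSquid, since everything placed in the trusted folder is accepted by the proxy from then on.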