Skip to main content

Solve "verify error:num=20:unable to get local issuer certificate" in openssl

Using openssl s_client to test a ssl connection, we may get the following error:

verify error:num=20:unable to get local issuer certificate

For example:
openssl s_client -connect facebook.com:443

CONNECTED(00000003)
depth=2 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
verify error:num=20:unable to get local issuer certificate
 ... ...
Server certificate
-----BEGIN CERTIFICATE-----
MIIGiDCCBXCgAwIBAgIQCoLvg+TMQDau82d6KfXrwDANBgkqhkiG9w0BAQUFADBp
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSgwJgYDVQQDEx9EaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBFViBDQS0xMB4XDTA4MTExODAwMDAwMFoXDTEwMTEyMjIzNTk1OVowgfYxGzAZ
BgNVBA8MElYxLjAsIENsYXVzZSA1LihiKTETMBEGCysGAQQBgjc8AgEDEwJVUzEZ
MBcGCysGAQQBgjc8AgECEwhEZWxhd2FyZTEQMA4GA1UEBRMHMzgzNTgxNTEbMBkG
A1UECRMSMTU2IFVuaXZlcnNpdHkgQXZlMQ4wDAYDVQQREwU5NDMwMTELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVBhbG8gQWx0bzEX
MBUGA1UEChMORmFjZWJvb2ssIEluYy4xGTAXBgNVBAMTEHd3dy5mYWNlYm9vay5j
b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMHffWNBvcTk+mUzE3jVYjeW
p2HzsZa/I466h6ftB/neLeuox7ytd6ZejQMDNuNN99Dxq2byty4zFr4mD11BFn//
twCe+g6ZFWxSGtcKxq375AciP9sEpLZppe3Wh7aIxYP16Maz/8AOH52jhXDtonYU
e3A+77BCCzjWggAj3WN1AgMBAAGjggMgMIIDHDAfBgNVHSMEGDAWgBRMWMsl8EFP
UvQoyIFDm6aooOaS5TAdBgNVHQ4EFgQUqldKM7bs1W6BE6Y2XvR7Q1jzj0QwKQYD
VR0RBCIwIIIQd3d3LmZhY2Vib29rLmNvbYIMZmFjZWJvb2suY29tMDQGCCsGAQUF
BwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMBEG
CWCGSAGG+EIBAQQEAwIGwDAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADBh
BgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vZXYyMDA4
YS5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9ldjIwMDhhLmNy
bDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAIBMIIBpDA6BggrBgEFBQcC
ARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1yZXBvc2l0b3J5Lmh0
bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMAZQAgAG8AZgAgAHQA
aABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8AbgBzAHQAaQB0AHUA
dABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAAdABoAGUAIABEAGkA
ZwBpAEMAZQByAHQAIABFAFYAIABDAFAAUwAgAGEAbgBkACAAdABoAGUAIABSAGUA
bAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0AZQBuAHQAIAB3AGgA
aQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQAeQAgAGEAbgBkACAA
YQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgAZQByAGUAaQBuACAA
YgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADggEBANDr75RRF8J5m620L8cheHE64frw
BSCCzs+gkapciUFiqiOy1U7yFhhP8t/pinlUsqFSVh5/JDvNhaAseo3k9Cef/l3f
2uE0ZMXShOKcqg2Tj0+1Tmutf3bynLTi8EolgLEnx4ThPHaADRQPU/lUrCbLP+rP
SvOLyDYfItNqFSoTGtCPAhtlhoiLP3Da344IQc18EAqQ9Dkhh+hpbG7lvOiiS2aZ
e30IR8d4pMkbycLi7DgEEKYAuI578ccawwutGk7MytqzP70mOjHFyn6mWW4R8rmv
5ueRCBNc3bnW+NmQrlPxma4L3HLgG1VjC4T25VQw8kqTIOWeZkL9yGWIn6I=
-----END CERTIFICATE----- 
  ... ...
SSL-Session:
  ... ...
    Verify return code: 20 (unable to get local issuer certificate)
---
DONE



To solve the error, we may copy the content from "-----BEGIN CERTIFICATE-----" to "-----END CERTIFICATE-----", and save it to a CA.pem file. The following command shall not raise the error:

openssl s_client -CAfile CA.pem -connect facebook.com:443
Labels:

Comments

Post a Comment

Popular posts from this blog

A simple implementation of DTW(Dynamic Time Warping) in C#/python

DTW(Dynamic Time Warping) is a very useful tools for time series analysis. This is a very simple (but not very efficient) c# implementation of DTW, the source code is available at  https://gist.github.com/1966342  . Use the program as below: double[] x = {9,3,1,5,1,2,0,1,0,2,2,8,1,7,0,6,4,4,5}; double[] y = {1,0,5,5,0,1,0,1,0,3,3,2,8,1,0,6,4,4,5}; SimpleDTW dtw = new SimpleDTW(x,y); dtw.calculateDTW(); The python implementation is available at  https://gist.github.com/3265694  . from python-dtw import Dtw import math dtw = Dtw([1, 2, 3, 4, 6], [1, 2, 3, 5],           distance_func=lambda x, y: math.fabs(x - y)) print dtw.calculate() #calculate the distance print dtw.get_path() #calculate the mapping path
14 comments
Read more

Install mysql-python with mariadb

mysql-python requires libmysqlclient-dev in ubuntu, but the installation of mariadb will have the lib with unmet dependenccies, so the error of "mysql_config not found" may occurred if you install mysql-python via pip. The case is that mariadb has a compatible package, if you have the ppa setup as in  http://downloads.mariadb.org/ . Just "sudo apt-get install libmariadbclient-dev".
2 comments
Read more

The default CREATE TABLE options for Aria Engine in mariadb

The official document of mariadb does not mention the default CREATE TABLE options for tables using Aria Engine.  The default options are list as below: TRANSACTIONAL,  the default value is TRANSACTIONAL=0, i.e., non-transactional. ROW_FORMAT, the default value is ROW_FORMAT=PAGE, which may suits both transactional and non-transactional tables. PAGE_CHECKSUM,  the default value will follow aria_page_checksum system variable, which has default value ON. For the TRANSACTIONAL option, you may consider create a table as below(and ALTER the TRANSACTIONAL=1): CREATE TABLE `test_table` ( `id` int(11) NOT NULL AUTO_INCREMENT, PRIMARY KEY (`id`) ) ENGINE=Aria; If you change the ROW_FORMAT to DYNAMIC or FIXED, everything just goes fine. But if you have ALTER the table with TRANSACTION=1 and change the ROW_FORMAT to DYNAMIC or FIXED, you may got a warning: SHOW WARNINGS; +-------+------+----------------------------------------------------------+ | Level | Code | Message | +-------+--
Post a Comment
Read more