In this article, we will show you how to solve the Unable to get Local Issuer Certificate error in Google Chrome. This is a common error that can occur while using cURL on Windows or MacOS. The solution is simple and easy. All you need to do is modify your cURL command by adding an extra parameter (–ca). However, if you want to know more about SSL certificates and how they work, then read ahead!
A brief explanation of the error
This error means that the server is unable to verify the identity of the client. It’s possible for this to happen because one or more of these things:
- The client has provided a certificate, but it’s invalid or expired.
- The certificate was issued by an issuer other than your public CA.
- You are using a self-signed certificate, which browsers do not trust automatically and must be added manually in order for them to work (which they will complain about).
What is an SSL Certificate?
An SSL certificate is a digital certificate that is used to encrypt the communication between 2 devices. It is used to secure the connection between 2 devices and it is also used to verify the identity of the server and the client. The main purpose of an SSL certificate is for encryption purposes, but there are other functions it performs as well.
How does SSL work?
SSL is an encryption protocol that establishes a secure connection between a client and server. It uses public key cryptography to encrypt data and secure the connection. This prevents eavesdropping and tampering with data during transmission, but it also requires both parties to have a shared private key.
How to solve the problem if you are on Windows.
- Open a command prompt and run the following commands:
certutil -addstore “c:\Program Files\Apache Software Foundation\Apache2.2\bin\certs”
How to solve the problem if you are on Mac.
If you are on a Mac, the process is slightly different. You will need to use OpenSSL instead of Certbot. This can be done by running the following commands in Terminal:
- Generate a certificate signing request with OpenSSL: “openssl req -newkey rsa:2048 -sha256 -nodes -keyout mydomain.com.key -out mydomain.com-csr“
- Sign the certificate signing request with OpenSSL: “openssl ca -in mydomain.com-csr –signer rootCA –cert ./rootCA/fullchain.pem –days 365“`
- Convert the certificate signing request to a PEM format with OpenSSL: “openssl x509 –inform pem –in domain_name_com-csr.pem –out domain_name_com-certificate`.pem“`
- Copy the certificate to your `/etc/letsencrypt/live` directory (or wherever you chose)
How to get out of it if you are using cURL
If you are using a command-line tool, like cURL or Wget, to retrieve your certificate, then the error message is likely something like the following:
SSLHandshake failed with error code 1. The SSL protocol requires a server to send its own certificate, but this server did not send one or isn’t configured for it. The problem may be due to a mistake in the configuration files on your machine – if so please ensure that these files have not been tampered with and that they reference the same server names as other machines you are connecting to. If these steps don’t fix your problem then contact us for help.#ENDWRITE
Conclusion
This is a very common error that occurs in most Linux and Unix systems. So, if you are experiencing this issue, do not panic as there is a solution to this problem.