SSL Certificate Problem: Unable to get local issuer certificate

In this article, we are going to talk about: “SSLC problem: unable to get local issuer certificate” what is it?  How did you get this type of error? And a few methods with you can …

Unable to get local issuer certificate

In this article, we are going to talk about:

  • “SSLC problem: unable to get local issuer certificate” what is it? 
  • How did you get this type of error?
  • And a few methods with you can fix the error “SSLC certificate problem: unable to get issuer certificate.”

“SSL certificate problem: unable to get local issuer certificate” what is it?

If you are here, you must be already familiar with it, and you must have caught this error.

But I would like to state a little intro to it for those who don’t know about it.

It is a type of error you encounter when attempting to secure your website, like when you shift your website from HTTP or cURL to HTTPS.

It is a security protocol, and it is used to make and tell how authentic your website is.

It will securely convey your user’s information or confidential data (credit card, personal info, etc.) from their browser to your web without corrupting by third-party (hackers) or information from your server to the user’s browser safely.

How did you get this type of error? What causes it?

This is caused when the source certificate is not working correctly, or misarrangement occurs while sending source or mid-way SSL/TLS certificate to the webserver at the time of verification for shifting from cURL HTTPS.

When you attempt to get a certificate for your web, it will pop up an error saying “SSLC problem: unable to get local issuer certificate.”

Note: There could be other causes of this error, like problems in git or in the software that are interfering with SSL/TLS.

It is better to know the correct root cause to fix it.

Alert!

Before explaining how you can solve this, I would like to give you million-dollar advice to save you from a big blunder.

So, the advice is: “No matter how many problems you are facing to get the SSL certificate, no matter how much you have tried to get rid of the error saying, “SSL certificate problem: unable to get local issuer certificate” Never I repeat Never uninstall your SSL certificate.

You indeed now wanted to know the reason why I am saying this so strictly.

Well, I have a solid reason for this too.

As you know, the SSL certification encrypts your information like yours and your user’s secret/private information from being corrupted by a third party.

By uninstalling an SSL certificate, you will put everything at risk.

Now, Let’s see the methods to fix the “SSL certificate problem: unable to get local issuer certificate.”

Methods to try.

  1. For git users
  2. For .PEM Format
  • Change php.ini 
  • Not change php.ini
  1. For .CRT Format

For Git Users

Sometimes, git users encounter this error while converting from cURL to HTTPS.

If you are a git user and you are facing this error, then don’t worry. 

We have a permanent solution for you.

All you need to do is navigate your CA bundle and type the command given below:

git config –system http.sslCAPath /absolute/path/to/git/certificates

As a git user, you can temporarily solve this problem by disabling your SSLC, but as I alert you above, it is very risky, and I would never recommend you run an e-commerce site. It will put your business and customer security at full risk.

Yet, I am providing the method for those who may want it instead.

So, you can temporarily solve this issue by disabling the SSLC and for that, use the command below:

git config –global Http.sslVerify false

For. PEM Format

Change in php.ini

For making changes in php.ini while keeping SSL along, you must follow the steps below:

  1. http://curl.haxx.se/ca/cacert.pem click the link and download cacert.pem
  2. Next, copy your cacert.pem to open it in your version of openssl/zend

Such as: /usr/local/openssl0.9.8/certs/cacert.pem 

  1. Then, open your php.ini and make an amendment in your cURL with /usr/local/openssl0.9.8/certs/cacert.pem
  2. After that, restart your PHP and check if your cURL is reading HTTPS or not.

Not Change in php.ini

For .PEM format not changing php.ini and keeping SSL while maintaining it write the given code:

$ch = curl_init();

$certificate_location = ‘/usr/local/openssl-0.9.8/certs/cacert.pem’;

curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, $certificate_location);

curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, $certificate_location);

For .CRT Format

For obtaining an SSL bundle, click the link below:

https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt

then, copy the content and save it into your server; you can save it anywhere because this location doesn’t make any difference, but I would suggest you keep it near to the server’s top level.

Conclusion:

“SSL certificate problem: unable to get local issuer certificate” is an error that encounters when you attempt to make your site secure, like shifting from cURL or HTTP to HTTPS.

There could be many possible reasons behind this, such as misarrangements occur while sending source or mid-way SSL/TLS certificates to the webserver.

 Yet this error is not common, but undoubtedly it occurs sometimes, and for that, we have provided you the possible solutions that can work for you.

Suggested Read: 500 Internal server error

Leave a Comment