Security / Troubleshoot common issues
When a client connects to a server over HTTPS, the client needs to trust the server it is talking to. The client therefore needs to include the server's CAs (certificate authorities) in its list of trusted CAs.
This error means the client's CA list is missing a certificate authority. To inspect the list (note that openssl x509 prints only the first certificate in the file):
openssl x509 -in ClientCAList.pem -noout -text
Solution:
openssl x509 -in MyCompanyCA.crt -text >> ClientCAList.pem
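The check and fix above as an end-to-end run, added here as an example that is not part of the original page. It builds a throwaway CA, server certificate and client bundle in a temp directory (all subjects, hostnames and key files are constructed; the function names are hypothetical), and lists every certificate in the bundle through crl2pkcs7/pkcs7.

```shell
#!/bin/sh
# Added example. Every file, subject and hostname here is constructed in a temp dir.
make_demo_pki() {   # $1 = work dir
  # Throwaway CA standing in for MyCompanyCA.crt
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=MyCompany Demo CA" \
    -keyout "$1/MyCompanyCA.key" -out "$1/MyCompanyCA.crt" 2>/dev/null
  # Client bundle that so far trusts only an unrelated CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Other Demo CA" \
    -keyout "$1/other.key" -out "$1/ClientCAList.pem" 2>/dev/null
  # Server certificate issued by the throwaway MyCompany CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/MyCompanyCA.crt" \
    -CAkey "$1/MyCompanyCA.key" -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null
}

# One subject= line per certificate in bundle $1 (openssl x509 would stop after the first)
list_bundle_subjects() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout | grep '^subject'
}

# Succeeds only if certificate $2 chains to a CA in bundle $1
verifies() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

run_demo() {
  d=$(mktemp -d) || return 1
  make_demo_pki "$d"
  verifies "$d/ClientCAList.pem" "$d/server.crt" && before=ok || before=fail
  # The fix from the page: append the missing CA to the client's list
  openssl x509 -in "$d/MyCompanyCA.crt" -text >> "$d/ClientCAList.pem"
  verifies "$d/ClientCAList.pem" "$d/server.crt" && after=ok || after=fail
  cas=$(list_bundle_subjects "$d/ClientCAList.pem" | wc -l | tr -d ' ')
  rm -rf "$d"
  echo "before=$before after=$after cas=$cas"
}

run_demo
```

Verification fails while the bundle holds only the unrelated CA and succeeds once the issuing CA is appended, at which point the bundle lists two subjects.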
Theory:
Certificates are usually used together with a key pair: the certificate carries the public key, and its owner holds the matching private key.
Figure 1. Certificates working in pairs: a public key and a private key
This means that the client has a certificate that can be signed by an authority that is itself signed by a root authority. Likewise, the server has a certificate that can be signed by an authority that is itself signed by a root authority. In some instances, a certificate can be signed by itself (self-signed).
Things to remember: