When OpenSSL returns this error, the program was unable to verify the certificate’s issuer or the topmost certificate of a provided chain.
This can happen for a few reasons:
The certificate chain or certificate wasn’t provide by the other side or was self-signed
The root certificate is not in the local database of trusted root certificates
The local database of trusted root certificates was not give or queried by OpenSSL. To explicitly give the path to the certificates, use -CApath or -CAfile.
For example, in Debian or Ubuntu, it would look like this:
The result would then be one of the following:
openssl s_client -connect example.com:443 -CApath /etc/ssl/certs/
openssl s_client -connect example.com:443 -CAfile /etc/ssl/certs/ca-certificates.crt
While you enter correct Root and Sub CA Root certificates, ensure SSLCACertificateFile has the full chain inside the file.
Need help? Please contact us at email@example.com