Apache is "unable to get local issuer certificate" during mutual authentication.

Solution Unverified - Updated -

Issue

When trying to set up Mutual Authentication (two-way SSL) with Apache the following errors are seen:

  • browser report the following:
    Peer does not recognize and trust the CA that issued your certificate.
    (Error code: ssl_error_unknown_ca_alert)
  • ssl_error_logs show the following:
    [Tue Mar 05 14:43:45 2013] [error] [client 74.191.67.11] Certificate Verification: 
        Error (20): unable to get local issuer certificate
    [Tue Mar 05 14:47:40 2013] [error] [client 10.221.170.96] Certificate Verification: 
        Error (20): unable to get local issuer certificate

Environment

  • Red Hat Enterprise Linux (RHEL)
    • Apache (httpd)
  • Red Hat JBoss Enterprise Web Server (EWS)
    • Apache (httpd)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.