RHEL-8 smart card and SSSD p11_child do_verification error "unable to get local issuer certificate"
Issue
Smart card authentication appears to not work, fails.
Troubleshooting reveals a SSSD error from p11_child do_verification, like for example:
(2021-04-12 13:10:00:317891): [p11_child[31232]] [do_verification] (0x0040): X509_verify_cert failed [0].
(2021-04-12 13:10:00:317895): [p11_child[31232]] [do_verification] (0x0040): X509_verify_cert failed [20][unable to get local issuer certificate].
Environment
RHEL-8 with SSSD, OpenSC and smartcard, with or without IPA.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.