Skip to main content

Certificate verification failed

difepape
Hi, I"ve this error trying to install a SSl Certificate, using the WHM tool, any suggestion please?
Certificate verification failed! Certificate verified: stdin: C = US, ST = Illinois, L = Chicago, O = "Trustwave Holdings, Inc.", CN = "Trustwave Organization Validation SHA256 CA, Level 1", emailAddress = ca@trustwave.com[/EMAIL] error 20 at 1 depth lookup:unable to get local issuer certificate
[LIST]
  • CENTOS 6.7 x86_64 xenhvm " [LIST]
  • [WHM 56.0 (build 14) [LIST]
  • Trustwave Certificate [LIST]
  • With Chain (CA bundle) Thanks Fernando

    • Comments

    10 comments

    Date Votes
    • cPanelMichael
      Hello, I've seen this happen due to multiple installations of the OpenSSL package. Please post the output from the following commands:
      openssl version rpm -qa | grep openssl
      Thank you.
      0
    • difepape
      Hello, I've seen this happen due to multiple installations of the OpenSSL package. Please post the output from the following commands:
      openssl version rpm -qa | grep openssl
      Thank you.

      Hi this is the output:
      # openssl version OpenSSL 1.0.2g 1 Mar 2016 # rpm -qa | grep openssl openssl-devel-1.0.1e-42.el6_7.4.x86_64 openssl-1.0.1e-42.el6_7.4.i686 openssl-1.0.1e-42.el6_7.4.x86_64
      Thanks for your help
      0
    • cPanelMichael
      The output you have provided suggests a manually compiled version of OpenSSL on your system. Have you manually installed or modified OpenSSL outside of running "yum update" on this system? Thank you.
      0
    • difepape
      The output you have provided suggests a manually compiled version of OpenSSL on your system. Have you manually installed or modified OpenSSL outside of running "yum update" on this system? Thank you.

      Hi Michael, thanks for your support, now I"ve the Certificates installed, however continue with a subdomain problem, you can help me with this last issue please? Thanks Fernando This SSL certificate was already installed. The SSL website is now active and accessible via HTTPS on this domain: [LIST]
    • mydomain.com The SSL certificate also supports these domains, but these domains do not refer to the SSL website mentioned above: [LIST]
    • subdomain.mydomain.com
      • 0
    • cPanelMichael
      however continue with a subdomain problem, you can help me with this last issue please?

      Could you elaborate on the specific subdomain problem you are facing? Thank you.
      0
    • Olof
      I'm having the same problem when AutoSSL is trying to install a certificate, also likely due to manually installed openSSL: # openssl version OpenSSL 1.0.2j 26 Sep 2016 # rpm -qa | grep openssl openssl-1.0.1e-48.el6_8.3.x86_64 openssl-devel-1.0.1e-48.el6_8.3.x86_64 We however, MUST, use 1.0.2j or later. So what can I do to make AutoSSL be able to install certificates again?
      0
    • cPanelMichael
      Hello @Olof, Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome. Thank you.
      0
    • Olof
      Hello @Olof, Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome. Thank you.

      Thanks Michael! I have verified my suspicions by removing OpenSSL 1.0.2j (2016), and then WHM can install certs again. However, the problem is that I very much need that version to be use all throughout the system. So how do I get WHM to behave while having this installed? OR have the old version in a separate location and make WHM use that only when installing certs? The old version is 4 years old (OpenSSL 1.0.1e-fips 11 Feb 2013) - that is a long time. Support Request ID is: 8151305
      0
    • Olof
      I got back word from cpanel-support (not Michael), saying it is impossible for WHM to work correctly with newer versions of openSSL. If anyone else is having similar problems, there are only two solutions: 1, Roll back openSSL to the archaic version and move the newer one to /opt/openssl then rebuild everything that need a modern openSSL to look there instead. 2, Start using something else than CPanel/WHM
      0
    • cPanelMichael
      Hello, Thank you for updating us with the outcome from the support ticket. I also encourage you to vote and add feedback to the existing feature request for this at: Ability to Override CurlSSL and OpenSSL Libraries Thank you.
      0

    Please sign in to leave a comment.

    Didn't find what you were looking for?

    New post