skip to Main Content

I am generating a self signed certificate using openssl in Ubuntu. I want to use it for localhost rest server. But while verification, I am getting error : x509: certificate signed by unknown authority, can anyone please tell me how I can resolve this error?

Thanks!

2

Answers


  1. Place your root certificate and intermediate (if you have one) in /usr/share/local/ca-certificates with the .crt extension.

    Run:

    sudo update-ca-certificates
    Updating certificates in /etc/ssl/certs...
    1 added, 0 removed; done.
    Running hooks in /etc/ca-certificates/update.d...
    done.
    

    In this case, curl is your friend:

    curl -Iv https://localhost/path/to/api
    

    Also you can run openssl s_client

    openssl s_client localhost:443
    

    Additionally, you can interrogate your certificate by providing your certificate:

    openssl s_client -connect localhost:443 -CAfile /path/to/your/cert.pem
    

    If you certificate does not match, you know. Possibly you are using the wrong certificate for your REST API or the certificate is not being installed, which you can verify by looking in /etc/ssl/certs directory on your system (if you are running Linux)

    Login or Signup to reply.
  2. Place your .crt certificate to /usr/share/ca-certificates

    Edit /etc/ca-certificates.conf and add your certificate name there.
    (Look at update-ca-certificates man page for more information.)

    Then run sudo update-ca-certificates

    Works for me in Ubuntu 22

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search