tzssangglass edited a comment on issue #4370: URL: https://github.com/apache/apisix/issues/4370#issuecomment-856481940
@spacewander @tokers , I use the certs in https://github.com/apache/apisix/tree/master/t/certs, I get this error when I verify these certificates ```shell $ /usr/local/openresty/openssl111/bin/openssl verify t/certs/mtls_client.crt C = cn, ST = GuangDong, O = api7, L = ZhuHai, CN = client.apisix.dev error 20 at 0 depth lookup: unable to get local issuer certificate error t/certs/mtls_client.crt: verification failed $ /usr/local/openresty/openssl111/bin/openssl verify t/certs/mtls_server.crt C = cn, ST = GuangDong, O = api7, L = ZhuHai, CN = admin.apisix.dev error 20 at 0 depth lookup: unable to get local issuer certificate error t/certs/mtls_server.crt: verification failed $ /usr/local/openresty/openssl111/bin/openssl verify t/certs/mtls_server.crt -CAfile /usr/local/apisix/t/certs/mtls_ca.crt C = cn, ST = GuangDong, O = api7, L = ZhuHai, CN = admin.apisix.dev error 20 at 0 depth lookup: unable to get local issuer certificate error t/certs/mtls_server.crt: verification failed Can't open -CAfile for reading, No such file or directory 281473499807792:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('-CAfile','r') 281473499807792:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76: unable to load certificate C = cn, ST = GuangDong, L = ZhuHai, O = api7, OU = ops, CN = ca.apisix.dev error 18 at 0 depth lookup: self signed certificate error /usr/local/apisix/t/certs/mtls_ca.crt: verification failed $ /usr/local/openresty/openssl111/bin/openssl verify t/certs/mtls_client.crt -CAfile /usr/local/apisix/t/certs/mtls_ca.crt C = cn, ST = GuangDong, O = api7, L = ZhuHai, CN = client.apisix.dev error 20 at 0 depth lookup: unable to get local issuer certificate error t/certs/mtls_client.crt: verification failed Can't open -CAfile for reading, No such file or directory 281473612107824:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('-CAfile','r') 281473612107824:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76: unable to load certificate C = cn, ST = GuangDong, L = ZhuHai, O = api7, OU = ops, CN = ca.apisix.dev error 18 at 0 depth lookup: self signed certificate error /usr/local/apisix/t/certs/mtls_ca.crt: verification failed ``` a little strange, `/usr/local/apisix/t/certs/mtls_ca.crt` clearly has a certificate file I get the same error `unable to get local issuer certificate` as start apisix, I think this problem is related to the certificate -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
