Thanks! I've closed the bug.
** Changed in: ca-certificates (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1549709
Title:
getting "unable to get local
Looks like I can't close it.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1549709
Title:
getting "unable to get local issuer certificate" for valid domains
after upgrading to
Hi Marc,
thanks for pointing out to restart services. In fact I had a service
still running during the update causing the error. Combined with the
different behaviour you just described betweent 15.10 and 14.04 it made
me make a wrong conclusion. I'll close the bug.
Thanks again!
--
You
The openssl tools in Ubuntu 14.04 never did use the system CA file by
default. That was fixed in later releases. So it's normal that you don't
need to specify it manually when using 15.10 for example, but do need to
specify it in 14.04.
The path to it has always been
additional info:
on both servers ("working" and "not working") show:
openssl version -d
OPENSSLDIR: "/usr/lib/ssl"
and both show (since /usr/lib/ssl/certs is symlinked to /etc/ssl/certs
ls -l /usr/lib/ssl/certs/ca-certificates.crt
-rw-r--r-- 1 root root 274340 Feb 25 12:45
Hi Marc,
thanks for your feedback. That's interesting! My comman
echo | openssl s_client -connect www.google.com:443
works perfectly well on all my servers returning a positive result
except the servers that have been updated as far as I can see. When I
add the argument -CAfile
Your example command doesn't work. You need to tell openssl where the
certificate store is, like so:
echo | openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt
-connect www.google.com:443
What version is your openssl package? Please do:
apt-cache policy libssl1.0.0
Thanks.
** Changed
** Description changed:
Several 14.04 servers were reporting problems connecting to different
sites and APIs this morning.
I'm not entirely sure, but looking at /var/log/apt/history (showing ca-
certificates:amd64 (20141019ubuntu0.14.04.1, 20160104ubuntu0.14.04.1))
in combination