[Bug 1549709] Re: getting "unable to get local issuer certificate" for valid domains after upgrading to 20160104ubuntu0.14.04.1

Thanks! I've closed the bug. ** Changed in: ca-certificates (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1549709 Title: getting "unable to get local

[Bug 1549709] Re: getting "unable to get local issuer certificate" for valid domains after upgrading to 20160104ubuntu0.14.04.1

Looks like I can't close it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1549709 Title: getting "unable to get local issuer certificate" for valid domains after upgrading to

[Bug 1549709] Re: getting "unable to get local issuer certificate" for valid domains after upgrading to 20160104ubuntu0.14.04.1

Hi Marc, thanks for pointing out to restart services. In fact I had a service still running during the update causing the error. Combined with the different behaviour you just described betweent 15.10 and 14.04 it made me make a wrong conclusion. I'll close the bug. Thanks again! -- You

[Bug 1549709] Re: getting "unable to get local issuer certificate" for valid domains after upgrading to 20160104ubuntu0.14.04.1

The openssl tools in Ubuntu 14.04 never did use the system CA file by default. That was fixed in later releases. So it's normal that you don't need to specify it manually when using 15.10 for example, but do need to specify it in 14.04. The path to it has always been

[Bug 1549709] Re: getting "unable to get local issuer certificate" for valid domains after upgrading to 20160104ubuntu0.14.04.1

additional info: on both servers ("working" and "not working") show: openssl version -d OPENSSLDIR: "/usr/lib/ssl" and both show (since /usr/lib/ssl/certs is symlinked to /etc/ssl/certs ls -l /usr/lib/ssl/certs/ca-certificates.crt -rw-r--r-- 1 root root 274340 Feb 25 12:45

[Bug 1549709] Re: getting "unable to get local issuer certificate" for valid domains after upgrading to 20160104ubuntu0.14.04.1

Hi Marc, thanks for your feedback. That's interesting! My comman echo | openssl s_client -connect www.google.com:443 works perfectly well on all my servers returning a positive result except the servers that have been updated as far as I can see. When I add the argument -CAfile

[Bug 1549709] Re: getting "unable to get local issuer certificate" for valid domains after upgrading to 20160104ubuntu0.14.04.1

Your example command doesn't work. You need to tell openssl where the certificate store is, like so: echo | openssl s_client -CAfile /etc/ssl/certs/ca-certificates.crt -connect www.google.com:443 What version is your openssl package? Please do: apt-cache policy libssl1.0.0 Thanks. ** Changed

[Bug 1549709] Re: getting "unable to get local issuer certificate" for valid domains after upgrading to 20160104ubuntu0.14.04.1

** Description changed: Several 14.04 servers were reporting problems connecting to different sites and APIs this morning. I'm not entirely sure, but looking at /var/log/apt/history (showing ca- certificates:amd64 (20141019ubuntu0.14.04.1, 20160104ubuntu0.14.04.1)) in combination