the attached files are not able to read please help further on this part    

    On Wednesday, September 20, 2023 at 12:29:29 PM PDT, <> 
users Digest 20 Sep 2023 19:28:18 -0000 Issue 14664

Topics (messages 277707 through 277710)

Unable to get local issuer certificate
    277707 by: Andy Pont
    277708 by: Thomas Hoffmann (Speed4Trade GmbH)
    277709 by: Andy Pont

[ANN] Community Over Code Conference NA 2023 in Halifax, Canada, 7-10 Oct 2023
    277710 by: Christopher Schultz


To post to the list, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:


I am receiving the above error when a GitLab webhook tries to call my=20
servlet.  The full text of the error states:

SSL_connect returned=3D1 errno=3D0 state=3Derror: certificate verify failed=
(unable to get local issuer certificate).

If I try to access any of the servlets running in the same Tomcat server=20
from a web browser then the certificate is OK and the padlock icon=20
appears as expected.  The certificate that is used by Tomcat is a domain=20
wildcard certificate issued by Go-Daddy.

Any ideas on what isn=E2=80=99t being correctly sent in response to the Git=



>This means, the calling program can't verify the certificate.
>Check whether all the intermediates are delivered by tomcat.
>Furthermore, the calling program must know the root-certificate of your we=
bserver certificate.

If I look at a random website using 'openssl s_client -showcerts=20
-connect=E2=80=99 then I get the server certificate plus two others:

depth=3D2 C =3D US, O =3D Internet Security Research Group, CN =3D ISRG Roo=
t X1
verify return:1
depth=3D1 C =3D US, O =3D Let's Encrypt, CN =3D R3
verify return:1
depth=3D0 CN =3D

If I use the same command with the Tomcat servlet then it gives the=20

verify error:num=3D20:unable to get local issuer certificate
verify return:1
verify error:num=3D21:unable to verify the first certificate
verify return:1

The chain should be =E2=80=9CGo Daddy Secure Certificate Authority - G2=E2=
=80=9D and =E2=80=9CGo=20
Daddy Root Certificate Authority - G2=E2=80=9D according to the browser.

My guess is that the .pfx file that Tomcat is using doesn=E2=80=99t include=


Please join us in Halifax in 2½ weeks for Community Over Code, the ASF 

The Tomcat and httpd tracks are combined for this conference, being held 
on the second of the four-day conference featuring a wide variety of 
presentations and panel-led discussions about wide-ranging topics 
related to the ASF and the projects you care about.

And of source, the Hallway Track is always a great opportunity to meet 
other developers, users, and committers to chat about whatever is on 
your mind.

The full schedule can be found here:



Reply via email to