the attached files are not able to read please help further on this part
On Wednesday, September 20, 2023 at 12:29:29 PM PDT, users-digest-h...@tomcat.apache.org <users-digest-h...@tomcat.apache.org> wrote: users Digest 20 Sep 2023 19:28:18 -0000 Issue 14664 Topics (messages 277707 through 277710) Unable to get local issuer certificate 277707 by: Andy Pont 277708 by: Thomas Hoffmann (Speed4Trade GmbH) 277709 by: Andy Pont [ANN] Community Over Code Conference NA 2023 in Halifax, Canada, 7-10 Oct 2023 277710 by: Christopher Schultz Administrivia: --------------------------------------------------------------------- To post to the list, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-digest-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-digest-h...@tomcat.apache.org ---------------------------------------------------------------------- I am receiving the above error when a GitLab webhook tries to call my=20 servlet. The full text of the error states: SSL_connect returned=3D1 errno=3D0 state=3Derror: certificate verify failed= =20 (unable to get local issuer certificate). If I try to access any of the servlets running in the same Tomcat server=20 from a web browser then the certificate is OK and the padlock icon=20 appears as expected. The certificate that is used by Tomcat is a domain=20 wildcard certificate issued by Go-Daddy. Any ideas on what isn=E2=80=99t being correctly sent in response to the Git= Lab=20 webhook? Thanks, Andy. >This means, the calling program can't verify the certificate. >Check whether all the intermediates are delivered by tomcat. >Furthermore, the calling program must know the root-certificate of your we= bserver certificate. If I look at a random website using 'openssl s_client -showcerts=20 -connect=E2=80=99 then I get the server certificate plus two others: depth=3D2 C =3D US, O =3D Internet Security Research Group, CN =3D ISRG Roo= t X1 verify return:1 depth=3D1 C =3D US, O =3D Let's Encrypt, CN =3D R3 verify return:1 depth=3D0 CN =3D xxx.mydomain.com If I use the same command with the Tomcat servlet then it gives the=20 following: verify error:num=3D20:unable to get local issuer certificate verify return:1 verify error:num=3D21:unable to verify the first certificate verify return:1 The chain should be =E2=80=9CGo Daddy Secure Certificate Authority - G2=E2= =80=9D and =E2=80=9CGo=20 Daddy Root Certificate Authority - G2=E2=80=9D according to the browser. My guess is that the .pfx file that Tomcat is using doesn=E2=80=99t include= =20 them. -Andy. Please join us in Halifax in 2½ weeks for Community Over Code, the ASF Conference. The Tomcat and httpd tracks are combined for this conference, being held on the second of the four-day conference featuring a wide variety of presentations and panel-led discussions about wide-ranging topics related to the ASF and the projects you care about. And of source, the Hallway Track is always a great opportunity to meet other developers, users, and committers to chat about whatever is on your mind. The full schedule can be found here: https://communityovercode.org/schedule/ -chris