DEV Community

Jessica howe


How to Fix Unable to get Local Issuer Certificate


Were you trying to move the site from HTTP to HTTPS but were greeted by the SSL certificate problem: unable to get local issuer certificate? If yes, then there is no need to tell you how frustrating and irritating the error is, as it doesn’t go away no matter how many times you alter the cURL request or verify the URL.

If you are one of those people who are facing this issue and want to get it resolved, then let me inform you that you have landed on the right article. In this piece, we will explore the “unable to get local issuer certificate” error in great detail.

What is the SSL Certificate Problem: Unable to Get Local Issuer Certificate?

The SSL certificate problem: unable to get local issuer certificate error is a warning message that pops up when the SSL client (the browser, in this case) tries to establish a secure and encrypted connection with a website (an HTTPS request) but isn’t able to complete the chain of trust for the site’s SSL cert.

In simple terms, the SSL certificate problem: unable to get local issuer certificate error appears when the browser is unable to find or access the certificate of the authority that issued the website’s SSL cert (the local issuer).

Reasons Behind Unable to Get Local Issuer Certificate Error

The main reason the unable to get local issuer certificate error pops up is an incomplete chain of trust. Apart from that, a number of other causes can give rise to this error, such as:

  • The Root certificate is not present in your system’s trust store.
  • The system’s list of trusted certs is not up to date.
  • The website uses a self-signed cert that is not recognized by the browser, etc.

How to Fix the SSL Certificate Problem: Unable to Get Local Issuer Certificate?

There are six (6) methods or techniques that can be utilized to fix the SSL certificate problem: unable to get local issuer certificate error.

Start with the first method, and if it does not work, move on to the next one.

Method 1: Verify you are not using a self-signed SSL certificate

Method 2: Add SSL cert to the trusted certificate store

Method 3: Modify the php.ini file

Method 4: Install Git again and select SSL transport backend

Method 5: Provide repository access to SSL certs

Method 6: Temporarily disable SSL certificate verification (Not recommended)

Let’s explore each of these methods in detail.

Method 1: Verify you are not using a Self-signed SSL Certificate

If a self-signed SSL certificate is in use, the operating system and the web browser may not recognize it. When that happens, the SSL certificate problem: unable to get local issuer certificate warning message pops up.

Hence, verify whether a self-signed cert or an SSL cert issued by a trusted Certificate Authority, such as Certera, Comodo, RapidSSL, and so on, is in use. If it’s self-signed, buy a new SSL certificate issued by a reputed CA.

Method 2: Add SSL Cert to the Trusted Certificate Store
By adding the missing intermediate or root cert to the system’s trust store, you will be completing the missing link in the chain of trust. Apart from that, doing so will also make the system able to verify the SSL cert locally without fetching it from an external source.

Follow the steps mentioned below to add an SSL cert to the trusted certificate store:

  • Copy the Git SSL cert.
  • Navigate to C:\Program Files\Git\mingw64\ssl\certs. (This is where the trusted certificate store is located)
  • Open the ca-bundle.crt file.
  • Paste the missing SSL cert at the end of the .crt file.
  • Save the file.
  • Re-access the site.
  • Verify whether the issue persists or not.
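The effect of Method 2 can be reproduced offline with OpenSSL. The script below is an added example, not part of the original article: it builds a throwaway root, intermediate and leaf certificate (all names and file names are invented) and verifies the leaf first against a bundle that lacks the intermediate, then against a bundle with the intermediate appended.

```shell
#!/bin/sh
# Constructed demo: a throwaway root -> intermediate -> leaf chain.
# Every name here (Demo Root CA, demo.example, file names) is invented.

new_csr() {  # $1 = dir, $2 = file stem, $3 = subject CN
  openssl req -config "$1/demo.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

make_chain() {  # $1 = empty working directory
  d=$1
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
    > "$d/demo.cnf"
  new_csr "$d" root "Demo Root CA"
  new_csr "$d" int "Demo Intermediate CA"
  new_csr "$d" leaf "demo.example"
  # Root signs itself; root signs the intermediate; intermediate signs the leaf.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/demo.cnf" -extensions ca -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/demo.cnf" -extensions ca \
    -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Verify a leaf against a CA bundle standing in for the client's trust store
# (ca-bundle.crt in Method 2). Prints OpenSSL's verdict; exit status 0 = trusted.
verify_leaf() {  # $1 = CA bundle, $2 = leaf certificate
  openssl verify -no-CApath -CAfile "$1" "$2" 2>&1
}

demo() {
  d=$(mktemp -d) && make_chain "$d" || return 1
  echo "--- trust store holds only the root:"
  verify_leaf "$d/root.pem" "$d/leaf.pem"
  echo "--- after appending the missing intermediate to the bundle:"
  cat "$d/root.pem" "$d/int.pem" > "$d/bundle.pem"
  verify_leaf "$d/bundle.pem" "$d/leaf.pem"
  status=$?
  rm -rf "$d"
  return $status
}

demo
```

The first verification fails with error 20, the same "unable to get local issuer certificate" message that cURL and Git report, and the second succeeds once the intermediate is in the bundle.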

Method 3: Modify the php.ini file
Modifying the php.ini file can also resolve this issue. All that you need to do is to set the path to a valid certificate bundle using the curl.cainfo and openssl.cafile directives.

Follow the steps mentioned below to modify the php.ini file:

  • Enter the credentials to log into the cPanel (web control panel).
  • Navigate to File Manager.
  • From there, navigate to PHP Software.
  • Double-click the php.ini file to open it.
  • Click http://curl.haxx.se/ca/cacert.pem.
  • Download the file (cacert.pem).
  • Copy the cacert.pem file to openssl/zend (Example: /usr/local/openssl-0.9.8/certs/cacert.pem)
  • Move to the php.ini file.
  • Insert curl.cainfo = "/usr/local/openssl-0.9.8/certs/cacert.pem" in the cURL section.
  • Restart PHP.
  • Verify whether CURL can access the HTTPS URL or not.

In case you don’t feel confident enough to modify the php.ini file but still want to get the warning message to vanish, use the code mentioned below:

$ch = curl_init();
$certificate_location = '/usr/local/openssl-0.9.8/certs/cacert.pem';
// Point cURL at the CA bundle and keep both verification checks enabled.
curl_setopt($ch, CURLOPT_CAINFO, $certificate_location);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

Method 4: Install Git Again and Select SSL Transport Backend
If you are facing trouble while executing Git commands, simply uninstall Git. Once you have done so, reinstall Git and select the transport backend option during the installation process. Choosing the transport backend option makes Git use a different SSL backend.

Follow the steps mentioned below to uninstall and reinstall Git:

  • Click Search, placed on the taskbar.
  • Type Add or remove programs and press Enter.
  • The Settings window will appear.
  • In the Settings window, in the right pane, click the Overflow icon (three vertical dots) placed adjacent to Git.
  • From the list, click Uninstall.
  • Wait for 1–2 minutes to get the Git uninstalled.
  • Click Search, placed on the taskbar.
  • Type Google Chrome and press Enter.
  • The Google Chrome window will appear.
  • In the Google Chrome window, in the URL bar, type https://git-scm.com/download/win.
  • Press Enter.
  • Download the appropriate Git version (Latest version preferred)
  • Install Git and, while doing so, choose the SSL Transport Backend option.
  • Once done, verify whether the issue persists or not.

Method 5: Provide Repository Access to SSL Certs
Granting repository access to SSL certs or reassigning the path in Visual Studio Code can help fix the issue under discussion, particularly in development environments. Doing so gives VS Code access to the necessary certificates, allowing it to recognize and trust them during development and testing.

Follow the steps mentioned below to fix this message in Visual Studio Code:

  • In case the error is occurring due to local misconfiguration, reassign the path. To do so, use the git config --global http.sslcainfo "Path" command.
  • In case the error is occurring due to accessibility, set the accessibility at the system level. To do so, open the Terminal window with administrative privileges and run the git config --system http.sslBackend schannel command.
  • Run the git config --global http.sslBackend schannel command to reconfigure Git with the global flag on the SSL cert configuration.

Method 6: Temporarily disable SSL certificate verification (Not recommended)
If none of the methods listed above were able to fix this SSL Certificate Problem, then you can temporarily disable SSL verification. Doing this will surely fix the issue, but it’s not a recommended option as it will make the data in transmission vulnerable to cyber attacks.

Follow the steps mentioned below to disable SSL cert verification temporarily:

  • In case you only want to temporarily turn off the SSL certificate verification locally in Git, you should execute the $ git -c http.sslVerify=false clone [URL] command.
  • If you want to temporarily turn off SSL certificate validation globally, execute the $ git config --global http.sslVerify false command.

After verifying whether the issue has been resolved, it’s advised to turn SSL cert validation back on. To do so, you can use the $ git config --global http.sslVerify true command.
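A quick way to confirm that verification really is back on is to audit every place Git reads the setting from. The function below is an added example, not part of the original article; the host name git.internal.example and the throwaway HOME are constructed for the demo. It also covers URL-scoped http.<url>.sslVerify entries and the GIT_SSL_NO_VERIFY environment variable, which the global command above does not reset.

```shell
#!/bin/sh
# Report every place where Git's TLS certificate verification is switched off.
# Prints one finding per line and returns 1 if anything is found, 0 if clean.
audit_git_tls() {
  # http.sslVerify can be set per scope (system/global/local) and per URL
  # (http.<url>.sslVerify); --show-origin names the file that holds each one.
  findings=$(git config --show-origin --get-regexp '^http\..*sslverify$' 2>/dev/null |
    awk 'tolower($NF) ~ /^(false|no|off|0)$/')
  # Git also skips verification whenever this environment variable is set.
  if [ -n "${GIT_SSL_NO_VERIFY+set}" ]; then
    findings="${findings:+$findings
}env: GIT_SSL_NO_VERIFY is set"
  fi
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed demo in a throwaway HOME so the real configuration is untouched.
# git.internal.example is an invented host name.
demo() (
  tmp=$(mktemp -d) || exit 1
  HOME=$tmp; export HOME GIT_CONFIG_NOSYSTEM=1
  unset XDG_CONFIG_HOME GIT_SSL_NO_VERIFY
  cd "$tmp" || exit 1
  git config --global http.sslVerify false
  git config --global http.https://git.internal.example/.sslVerify false
  echo "--- before cleanup:"
  audit_git_tls                      # lists both entries
  git config --global http.sslVerify true
  git config --global --unset http.https://git.internal.example/.sslVerify
  echo "--- after cleanup:"
  audit_git_tls && echo "clean: certificate verification is enforced"
  status=$?
  rm -rf "$tmp"
  exit "$status"
)

demo
```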
