Error: SSL certificate problem, verify that the CA cert is OK


#1

I’m getting this error, when try to authorize an external app to work with my WordPress page.

Error: SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed


#2

Typically that’s because not all 3 certs were uploaded in the correct place. Test things with https://www.ssllabs.com/ssltest/ should give you some clues ( or tell us the domain name )


#3

Perhaps this is the reason?

DST Root CA X3 Self-signed
Fingerprint SHA1: dac9024f54d8f6df94935fb1732638ca6ad77c13
Pin SHA256: Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys=
RSA 2048 bits (e 65537) / SHA1withRSA
Weak or insecure signature, but no impact on root certificate


#4

Perhaps. Without knowing all the other details I don’t know.


#5

Root CA is never required on the chain for the server.
Because either client know and trust them or it makes no benefit.


#6

This is the domain name: https://vm.yourwpguy.com/


#7

Use fullchain.pem instead of cert.pem


#8

ssllabs does not tell me that for the domain vm.yourwpguy.com . There is no problem with chain.


#9

I see this error here


#10

I am on the same page. “Chain issues: None” Rating A.


#11

Sorry, caching issue


#12

Well, without knowing what this “”“an external app”"" is, we can’t say anything about it, now can we :smile:

Although the IdenTrust DST Root CA X3 certificate is quite accepted generally, there are some instances not recognising it as a trusted CA root certificate. Blackberry for instance I believe, among others.


#13

It’s under API Authentication Endpoint: “Our authentication endpoint allows easy integration between WooCommerce and Apps…” like here: https://woocommerce.wordpress.com/2015/08/07/api-settings-and-the-api-authentication-endpoint-in-2-4/


#14

I will try to contact my hosting provider.

“Some web servers have outdated root CA certificates and will cause this curl error: “SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed’”. The fix is to contact your hosting provider or server administrator and request a root CA cert update.”


#15

Whichone is the CA cert (as a PEM file) exactly?


#16

I’m also looking for the typical ca certificate to deploy certificates in Zimbra. I get an error pointing to invalid provider:

~$ /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
** Verifying /tmp/commercial.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key
Certificate (/tmp/commercial.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match.
XXXXX ERROR: Invalid Certificate: /tmp/commercial.crt: C = US, O = Let’s Encrypt, CN = Let’s Encrypt Authority X1
error 2 at 1 depth lookup:unable to get issuer certificate
XXXXX ERROR: provided cert isn’t valid.

/tmp/ca_chain.crt is fullchain.pem
/tmp/commercial.crt is cert.pem
/opt/zimbra/ssl/zimbra/commercial/commercial.key is privkey.pem

I just wanted to try adding ca cert to the full chain.


#17

You may need to include the root CA. You can find the root certificates at https://letsencrypt.org/certificates/. For right now, you’ll want the root linked under the “Cross Signing” section, not the one at the very top.