I am posting this question on SO instead of ServerFault, because all my previous efforts to get Magento 2 issues sorted out, ended up being hacking some or other code in the Magento or template source.
I have configured a basic install of Magento 2 with a theme for a client.
Magento is running on IIS and Windows. (Not WAMP), shared IIS hosting on windows (My own server).
I configured the shop to use SSL, and the complete shop runs over SSL without any issues.
However, when trying to use the market place, I get a weird SSL issue:
"SSL certificate problem: unable to get local issuer certificate"
This error is shown on the Magneto shop (which is currently running over ssl), when trying to sign in to the market place.
I have found lots of hits on this issue, but all answers seem to lead to a self-signed certificate that isn't trusted or adding intermediary and/or root certificates. This is all based on XAMP, WAMP or native 'nix installations.
I do not understand what the exact issue is. I also do not know how to troubleshoot this further as the error description is very vague.
I would appreciate some feedback.
Thanks
This error happens because cURL cannot find a cacert.pem file from which take the trusted signatures.
There are some ways to set this file in cURL:
• Pass the cacert.pem file path directly to cURL when making the call;
• Set the path to the cacert.pem file in the php.ini.
You could follow below post:
• https://serverfault.com/questions/633644/adding-a-self-signed-cert-to-the-trusted-certs-within-curl-in-windows
• https://magento.stackexchange.com/questions/97036/magento-component-manager-ssl-certificate-problem-unable-to-get-local-issuer-c
• https://mage2.pro/t/topic/988
Regards,
Jalpa.
Related
Trying to install gmail
Get an error about certificates
and that leads me to this post within the webcatalog documentation that relates to MacOS
https://docs.webcatalog.io/article/68-why-do-i-receive-connection-error-on-macos-10-11
I download that .der from there, and ensure that that certificate is placed within trusted root authorities.
But still no luck
What do I need to do to get rid of a certificate error like that
I have been going around and around with this issue. I can create a dev-cert using dotnet dev-certs https --trust but the certificate only appears in the Personal certificates folder. If I try copying it to the Trusted folder it disappears on refresh. I have watched videos of people doing this on YouTube and it works so I'm not sure what is wrong with my PC/install.
Running my code and hitting the route in Postman returns a 500 error and UntrustedRoot.
I have tried this using a local user account and my admin account. I have also tried creating a certificate and importing it using OpenSSL following guides I have found, but still no luck.
I am running Windows 10 Pro on a new build PC. Windows was a clean install with a new licence.
I really don't want to have to purchase a signed certificate just to do development on localhost as that seems a bit overkill.
Any suggestions?
tl;dr try disabling your anti-virus before creating certificate!
I finally stumbled upon the answer; my anti-virus, WebRoot. I was following a YouTube tutorial on how to add a custom certificate to Kestrel and in doing so I discovered that WebRoot was blocking access to the hosts file. Disabling the av allowed me to update that file but also, it then allowed trusting of the dev-cert generated by dotnet dev-certs https --trust.
Not sure how I can prevent this in future other than temporarily disable the av before creating a certificate. Frustrating that the av doesn't warn me and there doesn't appear to be an obvious setting to allow this to happen.
I have a problem with a self-signed SSL certificate not being accepted on my Windows 7 box. I need this because the QuickBooks web connector will not address my CRM except over HTTPS, and the CRM is hosted on an intranet-only Linux server.
I followed the instructions here, and then used certmgr.msc to import the certificate on the client machine. The import appeared to be successful, and I can see the certificate in the "Trusted Root" store:
The problem is that it doesn't work; QBWC still reports it can't connect due to an authentication error, and my browser still rejects the certificate:
Could someone please give me an idea what I'm doing wrong? Thanks in advance!
The correct answer was propounded by #RickK - I had issued the certificate in my own name, instead of the domain of the server. The prompts in Apache make this rather confusing; it really looks like you're supposed to put your own name in the "Common Name" field, and the tutorial I followed seems to advise the same thing.
Anyway, I reissued the certificate, changing the CN field to "apps," and everything is working now. Thanks to #RickK and #pulkitsinghal for your helpful input. (And sorry for the delay in my response - this project got pushed to the back burner for awhile.)
I have:
Installed XCart (Gold Plus 4.6.0 - Trial with Lexity Live) on Netfirms
Purchased (and successfully installed) a RapidSSL Premium Certificate from GeoTrust through Netfirms
Enabled SSL in XCart and updated config file appropriately.
When I run Settings::Security Settings I receive error under HTTPS Options, "Warning! HTTPS/SSL check failed. Please make sure that HTTPS is configured properly."
Question: If the certificate is installed and the software knows to go to the secure server address what could be the problem?
I realize more background info is necessary. Please help. I know nothing of ssl. I read somewhere quickly in the past year or so something about symlink-ing, etc. I don't believe this to be of use here. Perhaps I am incorrect.
All my love,
Once you have SSL configured in your browser, it should just work. Make sure your cert is actually installed correctly.
You can test it with the SSL Installation Diagnostics Tool.
If that actually comes back ok for your site, then your best bet will be to check the syslog, perhaps something is not configured properly in your webserver config?
I have two "Web Sites" running under IIS6 (Windows Server 2003R2 Standard), each bound to a separate IP address (one is the base address of the server).
I used SelfSSL to generate and install an SSL certificate for development purposes on one of these sites and it works great. I then run SelfSSL to generate a certificate for the second site and the second site works, but now the first site is broken over SSL.
I run SSL Diagnostics and it tells me:
WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed
If I re-run SelfSSL on the first site (to fix it), the first site works but then the second site is broken.
It seems like SelfSSL is doing something in a way that is designed to work with only one Website, but I can't seem to put my finger on exactly what it's doing and figure out how to suppress it. I would manually configure SSL but I don't have a certificate server handy, but maybe there is a way to get SelfSSL to just gen the cert and let me install it?
FWIW I have also followed the guidance of several posts that indicate changes to the permissions of the RSA directory are in order, etc. but to no avail. I don't work with SSL everyday so I may be overlooking something that someone with more experience might notice, or perhaps there is a diagnostic process that I could follow to get to the bottom of the issue?
We had a similar problem today. Our IT guy said he solved it by basically using ssldiag instead of selfssl to generate the certs.
See the reply from jayb123 at this URL: http://social.msdn.microsoft.com/forums/en-US/netfxnetcom/thread/15d22105-f432-4d8f-a57a-40941e0879e7
I have to admit I don't fully understand what happened, but I'm on the programming side rather than the network admin side.