Curl: (60) SSL certificate problem: unable to get local issuer certificate

Hello,

curl is failing with the error curl: (60) SSL certificate problem: unable to get local issuer certificate, because I am getting the certificate below instead of the Cloudflare origin certificate in my curl command output. Why does curl show these certificate details instead of the Cloudflare origin certificate info when I enable the proxy?

* Server certificate:
*  subject: CN=*.rie-svc.com
*  start date: Nov 23 22:15:48 2021 GMT
*  expire date: Feb 21 22:15:47 2022 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f81c400d000)
POST /job.JobService HTTP/2
Host: jobservice-dev.rie-svc.com
user-agent: curl/7.78.0
accept: */*
content-type: application/grpc

I installed the origin cert below, which I generated from the Cloudflare portal, on our gRPC server, and when I disabled the proxy I can see the origin certificate details in the curl command output correctly:

* Server certificate:
*  subject: O=CloudFlare, Inc.; OU=CloudFlare Origin CA; CN=CloudFlare Origin Certificate
*  start date: Dec 9 04:01:00 2021 GMT
*  expire date: Dec 5 04:01:00 2036 GMT
*  subjectAltName: host "jobservice-dev.rie-svc.com" matched cert's "*.rie-svc.com"
*  issuer: C=US; O=CloudFlare, Inc.; OU=CloudFlare Origin SSL Certificate Authority; L=San Francisco; ST=California

But when I enable the proxy I am seeing the below:

* Server certificate:
*  subject: CN=*.rie-svc.com
*  start date: Nov 23 22:15:48 2021 GMT
*  expire date: Feb 21 22:15:47 2022 GMT
*  issuer: C=US; O=Let's Encrypt; CN=R3

What steps do I have to take to fix this error, curl: (60) SSL certificate problem: unable to get local issuer certificate, which comes up when I enable the proxy?

The proxy server sits between you and the origin. The proxy server needs a public certificate so browsers can connect. The public cert will come from either Let's Encrypt or DigiCert.

As for the curl error, it’s most likely due to your setting of Minimum TLS Version to 1.3 instead of 1.2.
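A small triage helper for the situation in this thread, added here as an example (not code from the thread or from Cloudflare): it reads a `curl -v` trace and reports whether the certificate shown was issued by the Cloudflare Origin CA or by some other CA, together with curl's verify result. The function names and both sample traces are constructed; the traces are modelled on the output quoted above, and treating every non-Origin-CA issuer as a public CA is an assumption.

```shell
#!/bin/sh
# Added example: classify the certificate shown in a `curl -v` trace.
# Both traces are constructed, modelled on the output quoted in the thread.
PROXIED_TRACE="* Server certificate:
*  subject: CN=*.rie-svc.com
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway."
DIRECT_TRACE="* Server certificate:
*  subject: O=CloudFlare, Inc.; OU=CloudFlare Origin CA; CN=CloudFlare Origin Certificate
*  issuer: C=US; O=CloudFlare, Inc.; OU=CloudFlare Origin SSL Certificate Authority; L=San Francisco; ST=California
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway."

# Print the value of the first "* <field>: value" line read from stdin.
trace_field() {
    sed -n "s/^\*[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Read a trace on stdin; print "kind=<origin-ca|public-ca> verify=<ok|error-N|unknown>".
classify_trace() {
    trace=$(cat)
    issuer=$(printf '%s\n' "$trace" | trace_field issuer)
    [ -n "$issuer" ] || { echo "kind=none verify=unknown"; return 1; }
    case "$issuer" in
        *"CloudFlare Origin SSL Certificate Authority"*) kind=origin-ca ;;
        *) kind=public-ca ;;   # assumption: anything else is a public CA
    esac
    # curl prints a "verify result" line with the error code on failure,
    # and "SSL certificate verify ok." on success.
    result=$(printf '%s\n' "$trace" | trace_field "SSL certificate verify result")
    if [ -n "$result" ]; then
        verify="error-$(printf '%s\n' "$result" | sed 's/.*(\([0-9][0-9]*\)).*/\1/')"
    elif printf '%s\n' "$trace" | grep -q 'SSL certificate verify ok'; then
        verify=ok
    else
        verify=unknown
    fi
    echo "kind=$kind verify=$verify"
}

printf '%s\n' "$PROXIED_TRACE" | classify_trace
printf '%s\n' "$DIRECT_TRACE" | classify_trace
```

Origin CA certificates are not in public trust stores, so `kind=origin-ca` with a verify error is expected on a direct connection. `kind=public-ca verify=error-20` means the client could not find the issuer in its local trust store, which points at the client's CA bundle or the chain it was served.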
