(60) Peer's certificate issuer has been marked as not trusted by the user: Linux/Apache

Question

I am trying to find out why my HTTPS link is not working for my website:

So I ran this command to try:

curl https://localhost/

I am using a valid signed SSL certificate and my HTTP link is working fine. I am using a Multi Domain certificate that was exported from an IIS 6 server. My instance on AWS has the 443 port enabled.

Here is a picture of my CA certificates:

I have tried to change the http.conf file's Virtual Host following the instructions in here: http://ananthakrishnanravi.wordpress.com/2012/04/15/configuring-ssl-and-https-for-your-website-amazon-ec2/

Is there any suggestions on how to get my website properly working on a HTTPS protocol?

Let me know if you need anymore information.

Thanks,

Answer 1

If you're not sure of the certificate that your web server is serving, you can use this command to view the certificate:

openssl s_client -showcerts -connect hostname.domain.tld:443

Also, the hostname in the certificate must match the site that you are requesting. For example, if you request a page from localhost, but your certificate is for www.yourdomain.com, the certificate check will fail.

Answer 2

This means that you are using a self-signed certificate.

In order for this warning not to appear, you need to purchase a certificate from a Certificate Authority.

Answer 3

I got a same error but not similar to your, but summary here hope useful for others:

• OS: CentOS 7
• Run Python's pyspider error:

File "/usr/local/lib64/python3.6/site-packages/tornado/concurrent.py", line 238, in result

raise_exc_info(self._exc_info)

File "", line 4, in raise_exc_info

Exception: HTTP 599: Peer's certificate issuer has been marked as not trusted by the user.

• root cause and steps to fix:

previously existed a soft link:

/usr/lib64/libcurl.so.4 -> /usr/lib64/libcurl.so.4.3.0_openssl

which is invalid one, so changed to valid:

/usr/lib64/libcurl.so.4 -> /usr/lib64/libcurl.so.4.3.0

while two file is:

-rwxr-xr-x 1 root root 435192 Nov  5  2018 /usr/lib64/libcurl.so.4.3.0
-rwxr-xr-x 1 root root 399304 May 10 09:20 /usr/lib64/libcurl.so.4.3.0_openssl

then for pyspider reinstall pycurl :

pip3 uninstall pycurl
export PYCURL_SSL_LIBRARY=nss
export LDFLAGS=-L/usr/local/opt/openssl/lib;export CPPFLAGS=-I/usr/local/opt/openssl/include;pip install pycurl --compile --no-cache-dir

in which PYCURL_SSL_LIBRARY is nss , due to current curl backend is nss according to

# curl --version
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
...

can fix my problem.