Hello Andy, > -----Ursprüngliche Nachricht----- > Von: Andy Pont <andy.p...@wonksw.tech> > Gesendet: Montag, 18. September 2023 19:08 > An: users@tomcat.apache.org > Betreff: Unable to get local issuer certificate > > Hello, > > I am receiving the above error when a GitLab webhook tries to call my > servlet. The full text of the error states: > > SSL_connect returned=1 errno=0 state=error: certificate verify failed (unable > to get local issuer certificate). > > If I try to access any of the servlets running in the same Tomcat server from > a > web browser then the certificate is OK and the padlock icon appears as > expected. The certificate that is used by Tomcat is a domain wildcard > certificate issued by Go-Daddy. > > Any ideas on what isn’t being correctly sent in response to the GitLab > webhook? > > Thanks, > > Andy. > > ---------------------------------------------------------------------
This means, the calling program can't verify the certificate. Check whether all the intermediates are delivered by tomcat. Furthermore, the calling program must know the root-certificate of your webserver certificate. Maybe you can post the certificate chain. You might use openssl for this, or https://github.com/rbsec/sslscan for example. Don’t use the browser because it doesn’t show what the server delivers. Greetings, Thomas --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
