Verify return code: 21 (unable to verify the first certificate)

I have a self-signed certification, I'm using it locally for my API. As you can see in the screenshot is working fine using Docker and Apache for the server side.

SSL working fine

The problem is when I tried to use the react App the request fails when I validate the certification using openssl command line, I got the error

Verify return code: 21 (unable to verify the first certificate)

I found some possible solutions but they suggest to use the fullchain which I don't have idea what they are talking about. I only have 2 files, cert and key

enter image description here

Would be amazing if someone can guide me in the right direction for fixing this annoying issue.

Thanks in advance, and let me know if can I provide with more insights.

2

1 Answer

In order to verify a certificate, it must chain all the way to a trust-anchor. openssl checks this trust-anchor for a keyUsage extension. If present, it must contain keyCertSign as a minimum. It turns out that if this extension exists but doesn't contain keyCertSign it will return error 21.

In addition, your client (openssl s_client) must know which certificate to use as a trust-anchor. You configure openssl to use an additional trust-anchor with the -CAfile option, as follows:

openssl s_client -CAfile <your cert file> -connect api.dev.thetripguru.com:443

2

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like