SLE12 / unable to get local issuer certificate

Hi,

on my server with SLE12 I get the following error during configuration of SUSE Customer Center:

Fehler bei sicherer Verbindung: unable to get local issuer certificate

This worked during initial install, patches with zypper are working fine, I encountered this when trying to add additional products through SCC.

Anybody got an idea what’s wrong ? I just tried the same on a second SLE12 server, same result.

Hi mschwarz67346,

[QUOTE=mschwarz67346;29136]Hi,

on my server with SLE12 I get the following error during configuration of SUSE Customer Center:

Fehler bei sicherer Verbindung: unable to get local issuer certificate[/QUOTE]

are you still experiencing this? There was a temporary problem with the SUSE servers, that got fixed almost immediately… but that was a few days before your report. The fingerprints shown in your screen dump do not match the currently used certificate…

Regards,
Jens

[QUOTE=jmozdzen;29165]Hi mschwarz67346,

are you still experiencing this? There was a temporary problem with the SUSE servers, that got fixed almost immediately… but that was a few days before your report. The fingerprints shown in your screen dump do not match the currently used certificate…

Regards,
Jens[/QUOTE]

Hello Jens,

still no change. This happens everytime I try to configure the Customer Center, I ignored it until now because patches are running fine. But I need to configure Add-On Products now, and I cannot fetch the list or use the CC.

Best regards,
Marco

Hi Marco,

to me it looks like you hit a HTTPS server with a certificate that is not the currently valid SUSE one.

Have you tried running SUSEConnect from the command line, i.e. with “–debug”? That way you could probably see what server URL is being contacted. We could then check if that server actually uses a bad/wrong certificate, or if it is something related to your site. Do you connect across a proxy?

If it turns out to be some problem with the server certificate, and you could definitely make sure you are contacting the right server, you could create a file /etc/SUSEConnect (see the *.example version there) and turn off the SSL certificate check. But I only recommend this as a measure of absolutely last resort, because you’re turning of security then: You might be connecting to a “bad” (non-SUSE) server, i.e. a DNS spoofing attack or else, and never find out.

If you cannot debug this further, I recommend to contact SUSE to open a support request.

Regards,
Jens