Welcome! Log In Create A New Profile


unable to get local issuer certificate

Torsten Reinhard
March 23, 2020 06:08AM

I´m running nginx/1.17.8 as a ReverseProxy, executed as Docker container via docker-compose.yaml.

version: '2'
image: nginx:1.17
container_name: nginx
restart: always
- "443:8443"
- "80:8080"

- /data/nginx-conf:/etc/nginx/conf.d/

- webgateway

driver: bridge
com.docker.network.driver.mtu: 1300

It´s configured to run secured, which is working fine. The servers being proxied are availabe at https, but currently the verification is turned off.The certificate used by the server is also valid, it´s a chain being built upon server->intermediate-root CA.

When turning it on, I always get

=> nginx | 2020/03/19 12:37:50 [error] 6#6: *1 upstream SSL certificate verify error: (20:unable to get local issuer certificate) while SSL handshaking to upstream, client:, server: tam-ci.mygroup.net, request: “GET /sonarqube/ HTTP/2.0”, upstream: "https://10.248..117.61:443/sonarqube/", host: “tam-ci.mygroup.net”

Here´s my configuration:

location /sonarqube/ {
proxy_pass https://cvm23801.mygroup.net$request_uri;

# TODO needed here ?
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# verify the Traefik certificate

# TODO need to use own client certificate ???
#proxy_ssl_certificate /etc/nginx/conf.d/tam-ci.pem;
#proxy_ssl_certificate_key /etc/nginx/conf.d/tam-ci.key;

proxy_ssl_trusted_certificate /etc/nginx/conf.d/mygroup-ca.pem;

proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;

#proxy_ssl_name tam-ci.bmwgroup.net;
proxy_ssl_verify on;
#proxy_ssl_server_name off;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;

proxy_read_timeout 1800;
proxy_connect_timeout 1800;
proxy_send_timeout 1800;
send_timeout 1800;

Any idea why I always see this error ? Or how to fix it?
The proxy_ssl_trusted_certificate is a valid certificate chain containing an Intermediata as well as a root certificate (in one file)

Thanx in advance,

nginx mailing list
Subject Author Posted

unable to get local issuer certificate

Torsten Reinhard March 23, 2020 06:08AM

Re: unable to get local issuer certificate

vijay.dcrust August 03, 2020 11:33PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 118
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready