Problem: SSL Certificate Error in System Diagnostic



Kudos @Moritz_Bunkus


In system diagnostic you see an error about an invalid certificate after you have installed external certificates based on this article.


Step 1

Verify the error is related to an intermediate certificate not being installed
openssl verify /etc/myssl/cert.pem

The expected output in case of a missing intermediate certificate should look similar to the following:

error 20 at 0 depth lookup: unable to get local issuer certificate
error /etc/myssl/cert.pem: verification failed

Step 2

If this is the case, install the missing certificate by:

Step 2A:

Copy the intermediate CA’s certificate to /usr/local/share/ca-certificates . Note that it must be encoded in PEM (not DER), and that the file name’s extension must be .crt and not .pem .

Step 2B:

Execute the command update-ca-certificates as user root .