my guess is that the CA you got the certificate from uses an intermediate CA that isn’t known to the UCS system.
Under the hood that system diagnostics script executes the following command:
openssl verify /path/to/certificate.pem Armed with that knowledge one can deduce what’s to be done: register the intermediate CA certificate as a trusted CA certificate.
But first make sure this is actually the problem. Execute
openssl verify /etc/myssl/cert.pem and post its output here, please.
If this is indeed the problem, you can register the intermediate CA. On Debian-based systems such as UCS the necessary steps are:
- Copy the intermediate CA’s certificate to
/usr/local/share/ca-certificates. Note that it must be encoded in PEM (not DER), and that the file name’s extension must be
.crt and not
- Execute the command
Afterwards there should be symbolic links in
/etc/ssl/certs pointing to the file you’ve copied to
/usr/local/share/ca-certfiicates; one for the file name itself (this time with the extension
.pem, curiously) and one for the hash of the certificate.
Now try that
openssl verify /etc/myssl/cert.pem again.