3

I´m doing some curl request on my web application (also on bash) and recogonized the following behaviour:

Sometimes i´m doing a

 curl --header "ApiKey: an1ceke3y" https://test.host.com/api/endpoint

i get the following:

 curl: (60) SSL certificate problem: unable to get local issuer certificate

But sometimes, even a second after the fail request i made an successful request.

I made a little test with 6 requests:

1) Success
2) Error
3) Success
4) Success
5) Success
6) Error

Shouldn´t the 

unable to get local issuer certificate

Happens all the time? Is there a way i could better debug the issue?

Additional informations:

API Endpoint is behind a microsoft azure load balancer

Success Request ( with -v )

* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):

Error Request ( with -v )

* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate

Thanks!

develth
  • 771
  • 8
  • 32
  • Possible duplicate of [curl: (60) SSL certificate : unable to get local issuer certificate](https://stackoverflow.com/questions/24611640/curl-60-ssl-certificate-unable-to-get-local-issuer-certificate) – Aserre Jul 25 '17 at 11:15
  • @Aserre but why it success sometimes? The other posts are about perm failures. – develth Jul 25 '17 at 11:21
  • Is it possible that your app is running in multiple servers behind a load balancer which is not handling SSL termination? – Tiago Lopo Jul 25 '17 at 11:28
  • @Tiago: Do you mean the endpoint URL? Thats possible -i will ask the customer. – develth Jul 25 '17 at 11:40
  • Also use the verbose flag for `curl` `-v` that may give you more info. – Tiago Lopo Jul 25 '17 at 11:42
  • @Tiago added further informations with -v output – develth Jul 25 '17 at 11:50
  • 1
    @develth, take a look at the output of curl with `-v`, does it always use the same ip address? don't paste the ip address, just asking because you may have round robin dns and could be using one or more load balancers. if it's not the case chances are that SSL termination is handled at the server behind the load balancer. – Tiago Lopo Jul 25 '17 at 11:55
  • @Tiago already checked it. The Hostname resolves to the same IP address. Customer will check it with azure. Thanks! – develth Jul 25 '17 at 11:56
  • 1
    same here, sometimes it works, sometimes not. Still trying to figure out for days. Any other possible solution? – Eugene Wang May 31 '20 at 01:52
  • @EugeneWang it was a config issues with the LB - one Server didn´t got updated with the new certificate. – develth Jun 01 '20 at 08:31
  • @EugeneWang Did you resolve the issue? I am getting this inconsistant issue in my docker container in local machine. So I tried xampp instead of docker. Issue was there too. – Thejas Mar 31 '22 at 02:54
  • @develth Is there a chance that this issue occur in docker? If you have any clue about it please share. – Thejas Mar 31 '22 at 02:56

0 Answers0