Certificate verification failed


#1

Hello, I am trying to create new Poco HTTPSClientSession as follows:

const Poco::Net::Context::Ptr context(new Poco::Net::Context(Poco::Net::Context::CLIENT_USE, "", "/etc/ssl/certs/LetsEncryptCertificate.crt", "", Poco::Net::Context::VERIFY_RELAXED));
m_pSession = new Poco::Net::HTTPSClientSession(host, port, context);

and when I send GET request to server I get:

WARNING: Certificate verification failed
Issuer Name: /O=Digital Signature Trust Co./CN=DST ROOT CA X3
Subject Name: /C=US /O=Let’s Encrypt/CN=Let’s Encrypt Authority X3
The certificate yielded the error: unable to get local issuer certificate
The error occurred in the certificate chain at position 1
Accept the certificate (y,n)?

I am reading this from syslog so I can’t press Y to accept the certificate. When I use context with

Poco::Net::Context::VERIFY_NONE I am able to send the request and get the response because there is no certificate verification. I was trying to add these certificates to my /etc/ssl/certs folder with .pem and .crt extensions still got the same error. So my question is how do I install these certificates on my mangOH Red board? I am using Legato 18.09 with wp76xx chip. Also my app is sandboxed and my adef looks like this requires:

requires:
 {   dir:
    {
     /etc/ssl/certs /etc/ssl/certs
    }
}

#2

Hi ,

Can you share the complete application package with the source code and definition files to reproduce and understand the issue.


#3

No I can not share my source code. Solution was to use ca-certificates.crt