[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)

[RobertoFioravanti]

Hi there, before introduding ssl certicifate my server is running properly and I'm able to store report remotely.

Then I've generated a self-signed certificate

# generate the certificates signed by the mkcert dev root CA
mkcert -key-file ./workspace/key.pem -cert-file ./workspace/cert.pem 127.0.0.1

and restarted the server.

I'm able to access to the SSL-enabled server https://

Then, on client side, I've changed CodeChecker store command to use https:// instead of http://

The log on client side is:

 [INFO 2023-10-04 06:33] - Checking for local valid sessions.
  [ERROR 2023-10-04 06:33] - Connection failed.
  [ERROR 2023-10-04 06:33] - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)
  [ERROR 2023-10-04 06:33] - Check if your CodeChecker server is running.

Am I doing something wrong?

Other info:

• Base package version :6.23.0
• Package build date : 2023-10-04T06:33

[whisperity]

Does your certificate file only contain the public key of your certificate directly, or does it also contain the public key of who signed your certificate? The public key file should contain all public keys until a reasonably trustworthy authority is encountered. For example, GitHub's certificate key includes the certificate for 3 elements in the chain:

Also, at least the outermost certificate should be installed in your operating system as a trusted certificate, for every client machine. Usually, having a certificate signed by a globally trusted authority means the CA certificate is in the OS's maintained certificate store already.

For self-signed certificates, this is not the case, until you add them.

[RobertoFioravanti]

It contains the public key of the certificate directly.