Solution ID : SO12792

Last Modified : 06/21/2018

"Error 2 at 1 depth lookup:unable to get issuer certificate" when validating device certificate chain

Problem

When validating a device certificate chain using openssl, you may receive the following error messages:

error 2 at 1 depth lookup:unable to get issuer certificate

error 2 at 2 depth lookup:unable to get issuer certificate

Cause

This error occurs when the CA file is missing the proper root and intermediate certificates.

Solution

To resolve this issue, ensure both the root and intermediate certificates are included in the CA file.

For example:

-----BEGIN CERTIFICATE-----
[SECONDARY INTERMEDIATE CERTIFICATE]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[PRIMARY INTERMEDIATE CERTIFICATE]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[ROOT CERTIFICATE]
-----END CERTIFICATE-----


Once included, execute the following command: openssl verify -CAfile <CA_FILE> <DEVICE_CERT>
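
The failing and passing cases described above, reproduced end to end as an added example (not part of the original article). It builds a throwaway chain whose names (`root`, `primary`, `secondary`, `device`) and subjects are constructed for the demo, then runs the same `openssl verify -CAfile` command against CA files with and without the root and primary intermediate.

```shell
#!/bin/sh
# Constructed demo: a throwaway root -> primary -> secondary -> device chain.
# All file names and subjects here are made up for the example.
WORK=$(mktemp -d)
printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$WORK/req.cnf"
printf 'basicConstraints=critical,CA:TRUE\n' > "$WORK/ca.ext"

# new_csr NAME: generate NAME.key and NAME.csr
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/req.cnf" \
    -subj "/CN=demo $1" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# issue NAME ISSUER [EXTFILE]: sign NAME.csr with ISSUER's key
issue() {
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" \
    -CAkey "$WORK/$2.key" -CAcreateserial -days 1 \
    ${3:+-extfile "$3"} -out "$WORK/$1.pem" 2>/dev/null
}

build_chain() {
  new_csr root &&
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" \
    -extfile "$WORK/ca.ext" -days 1 -out "$WORK/root.pem" 2>/dev/null &&
  new_csr primary && issue primary root "$WORK/ca.ext" &&
  new_csr secondary && issue secondary primary "$WORK/ca.ext" &&
  new_csr device && issue device secondary
}

# verify_with NAME...: build the CA file from the named certs, verify device.
# Returns openssl's exit status; its message is left in VERIFY_OUT.
verify_with() {
  : > "$WORK/ca_file.pem"
  for c in "$@"; do cat "$WORK/$c.pem" >> "$WORK/ca_file.pem"; done
  VERIFY_OUT=$(openssl verify -CAfile "$WORK/ca_file.pem" "$WORK/device.pem" 2>&1)
}

build_chain || exit 1
for bundle in "secondary" "secondary primary" "secondary primary root"; do
  # $bundle is left unquoted on purpose so it splits into cert names
  if verify_with $bundle; then result=OK; else result=FAIL; fi
  printf 'CA file [%s]: %s\n%s\n\n' "$bundle" "$result" "$VERIFY_OUT"
done
```

The depth in the error is the position of the last certificate OpenSSL could place in the chain: depth 1 when only the secondary intermediate is in the CA file, depth 2 when both intermediates are present but the root is not.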