SSL certificate problem: unable to get local issuer certificate

Ask Fedora
1

We followed the procedure mentioned in Fedora official site to install the Zscaler certificate for Fedora 34 for cloning git repository.

But we are getting SSL certificate issue.
fatal: unable to access ‘https://github.com/xxx/xxx.git/’: SSL certificate problem: unable to get local issuer certificate.

2

After copying the certificate to
/etc/pki/ca-trust/source/anchors/, did you

sudo update-ca-trust extract

?

Are you sure Git Is using the system CA bundle?

git config --get http.sslCAInfo

I’d be easier to help if you would outline what you did step-by-step.

Also, F34 is end of life since a long time and not safe to use anymore. If it’s not a typo, I recommend upgrading asap.

3

We followed the below steps for installing the Zscaler certificate for F34.

  1. Using the trust command:
  • Add a certificate as a trust anchor: You can add a certificate to the system-wide trust store using the trust anchor command.
  • Specify the certificate path: Provide the path to the certificate file (e.g., /path/to/mycert.pem).
  • Example: trust anchor /path/to/mycert.pem.
  • Verify: Use the trust list command to see the list of trusted certificates.
  1. Copying the certificate and running update-ca-trust:
  • Copy the certificate: Place the certificate file (in PEM or DER format) into the /etc/pki/ca-trust/source/anchors/ directory.
  • Run update-ca-trust: This command updates the system’s trust store with the new certificate.
  • Example: sudo update-ca-trust.
  1. For command-line tools (like git):
  • git config --global http.sslCAInfo /path/to/your/ca.pem: Specifies the path to the CA certificate for git.
  • Update the CA certificates: Use sudo update-ca-certificates to update the system’s CA certificates.

As you suggested we will upgrade to F39.

Thanks for your support.