Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


CO-piBot: return = 20 : UNABLE TO GET ISSUER CERT LOCALLY
 

This code indicates the certificate found on the server has not been recognized by our test tool.

  • If this certificate has been delivered by TBS INTERNET, it has been wrongly installed.

    In most cases it comes from the certification chain that is not or wrongly displayed.
    Take our installation instructions (see delivery email), and check the installation of the chain (file B in our instructions, Install a server certificate).
  • This message can also be sparked off if you bought a certificate issued by a certification authority we do not trust and with we chose not to work.

Common scenarios:

  • Installation of a Thawte certificate on IIS5 or IIS6 platforms:
    Only the beginning of the certification chain is displayed by the server: "CN=Thawte SSL CA"
    The second element of the chain is missing: "CN=Thawte Primary Root CA"
  • Solve the problem:
    - You must therefore check that this certificate entitled "Thawte Primary Root CA" is present on your server in the intermediate certificates.
    See also:
    - Disable Thawte PCA root (2036)
    - Install intermediate or root certificate in IIS manually

Import the certification chain manually

On Microsoft platforms, you may have just installed the .cer certificate and forgot to import the .p7b file.
Then the certification chain matching your certificate has to be imported manually, see the documentation store.

Error messages that client browsers might display

This may result in the following error message:

  • Microsoft Internet Explorer

    There is a problem with this website's security certificate.

    The security certificate presented by this website was issued for a different website's address.

    Security certificate problems may indicate an attempt to trick or intercept the data you send to the server.

    We recommend that you close this webpage and do not continue to this website.


  • Google Chrome

    This is probably not the site you are looking for!

    You attempted to reach example.domain.combut, instead, you are currently communicating with a server identified as*.example.domain.com. This may be due to a server misconfiguration or something more serious. A hacker on your network may be trying to make you visit a fake version of example.domain.comYou should not proceed, especially if you have never seen this warning before for this site.

  • Apple Safari, Apple Mail, Iphone, IPad, ...

    Safari can't verify the identity of the website <<example.mydomain.com>>

    The certificate for this website is invalid. You may be connecting to a website that claims to be <example.mondomaine.fr>, which could potentially compromise your confidential data. Would you still like to connect to this site?

  • Mozilla Firefox, Tunderbird, ...

    This Connection is Untrusted

    You have asked Firefox to connect securely to example.mydomain.com, but we can't confirm that your connection is secure.

    Normally, when you try to log in securely, the sites present a certified ID to prove that you are at the right address. However, the identity of this ite cannot be verified.
    What Should I Do?
    If you usually connect to this site without any problems, this error may mean that someone is trying to impersonate this site and you should not proceed.
    Get me out of here!