As amazing as it is, the internet can also often be dangerous. That’s why we have security certificates in place that differentiate safe websites from unsafe ones. However, installing these SSL certificates isn’t always easy, and they have problems that can leave you scratching your head.
In this article, we’re talking about the “X509: Certificate signed by unknown authority” error, its causes and what you can do to fix the problem.
What causes the “X509: Certificate signed by unknown authority” error?
The issue often arises when using self-signed certificates instead of trusted CA-signed certificates. The error often occurs because a self-signed certificate is installed to enable HTTPS on the website. Other causes include:
- CA certification isn’t valid
- The authorising body doesn’t identify your CA
How to fix the “X509: Certificate signed by unknown authority” error?
You can try the following four fixes.
Get a reliable SSL certificate
If you’re getting your certificates from a not-so-popular issuing authority or signing it yourself, chances are your SSL certificate is at fault. We recommend using LetsEncrypt or ZeroSSL to get SSL certificates that don’t cause such problems.
Update your TLS version
If your web server uses an older version of TLS, you need to upgrade your TLS/SSL library to support the latest standard. While your hosting provider should automatically implement this, in case you see the error, updating the library manually shouldn’t be too much of a hassle.
You will need to contact your hosting provider for the exact steps.
If you’re using HTTP to connect to the server, try switching it to HTTPS. Currently, most SSL certificates don’t allow HTTP as it’s less secure and more prone to attacks.
For self-signed applications
If you’re using a certificate for your REST applications, make sure you place the .CRT certificate file in the following directory.
Once done, edit the /etc/ca-certificates.conf file and add your certificate’s name. Last but not least, update the file by running the following command.
Also read: How to fix SSL_Connect_Error?