Hello,
I have setup LFS 12.0 and then trying to setup certificates related stuff.
Stuck at getting local certificate...
Installation is in the following sequence.
openssl-3.1.2
libtasn1-4.19.0
p11-kit-0.25.0
make-ca-1.12
however I encountered the following error in the middle of make-ca setup, and stuck.
Code:
root@lfs:/sources/make-ca-1.12# /usr/sbin/make-ca -g
Checking for new version of certdata.txt...done.
Unable to get revision from server! Exiting.
the below is the log content
Code:
root@lfs:/tmp/tmp.gUL2krMSrf# cat certdata.txt.log
CONNECTED(00000003)
---
Certificate chain
0 s:C = US, ST = California, L = San Francisco, O = Mozilla Foundation, CN = hg.mozilla.org
i:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
v:NotBefore: Sep 19 00:00:00 2023 GMT; NotAfter: Sep 18 23:59:59 2024 GMT
1 s:C = US, O = DigiCert Inc, CN = DigiCert Global G2 TLS RSA SHA256 2020 CA1
i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Mar 30 00:00:00 2021 GMT; NotAfter: Mar 29 23:59:59 2031 GMT
---
no peer certificate available
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3574 bytes and written 678 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
---
root@lfs:/tmp/tmp.gUL2krMSrf#
I once built LFS 11.3/BLFS and successfully setup, but this time I may have missed something.
Can anyone point me where I am wrong?
Thanks
Hiroyuki