SSL certificate error

If you experience SSL certificate issues like:

  • certificate has expired
  • unable to get local issuer certificate

the following checks should be carried out:

Ensure no outdated certificate is in the truststore

Outdated certificates cause issues with node/openssl, so please check every single certificate in the truststore.

Ensure the full chain is in the truststore

Node/openssl require the full chain of certificates to be in the truststore. All intermediate and CA certificates must be in the truststore as well, otherwise node/openssl will reject the certificate.

Ensure the correct and up-to-date certificates are in the truststore

Tools like KeyStore Explorer have their own truststore, which might be outdated. If you use such a tool and the server does not return the full chain of certificates, the tool (KeyStore Explorer, for example) will display a trust chain built from its own, possibly outdated, truststore. Browsers are more reliable for retrieving the most current trust chain. The best and correct solution is to get the trust chain directly from the service provider, using a trusted contact and channel.

So please check every single certificate and its certificate chain in the truststore.
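
The checks above can be scripted. The following is an added example, not part of the original article or of any vendor tooling. It assumes the truststore has been exported as a PEM bundle; the function name check_truststore and the status labels are made up for this illustration.

```shell
# check_truststore BUNDLE [DAYS]
# Lists every certificate in a PEM truststore bundle and flags:
#   EXPIRING       - already expired, or expires within DAYS days (default 0)
#   ISSUER-MISSING - no certificate in the bundle has the issuer's name as subject
# The issuer test compares names only; it does not verify signatures.
# Returns 0 if nothing is flagged, 1 if anything is, 2 if no certificate is found.
check_truststore() {
    bundle=$1
    days=${2:-0}
    tmpdir=$(mktemp -d) || return 2

    # Split the bundle into one file per certificate.
    awk -v dir="$tmpdir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { if (out != "") close(out); out = "" }
    ' "$bundle"

    set -- "$tmpdir"/cert-*.pem
    if [ ! -e "$1" ]; then
        echo "no certificates found in $bundle" >&2
        rm -rf "$tmpdir"
        return 2
    fi

    # Pass 1: collect the subject name of every certificate in the bundle.
    for pem in "$@"; do
        openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
    done > "$tmpdir/subjects.txt"

    # Pass 2: check expiry and whether each issuer is present in the bundle.
    rc=0
    for pem in "$@"; do
        subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        enddate=$(openssl x509 -in "$pem" -noout -enddate | sed 's/^notAfter=//')
        status=""
        openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null ||
            status="EXPIRING"
        grep -qxF -e "$issuer" "$tmpdir/subjects.txt" ||
            status="${status:+$status,}ISSUER-MISSING"
        if [ -z "$status" ]; then status="OK"; else rc=1; fi
        printf '%-24s %s (notAfter %s)\n' "$status" "$subject" "$enddate"
    done

    rm -rf "$tmpdir"
    return "$rc"
}
```

Call it as check_truststore truststore.pem 30 to also flag certificates that expire within the next 30 days. A self-signed root lists itself as issuer, so it is never reported as ISSUER-MISSING.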

To investigate the SSL certificates returned by the server itself, these openssl commands might be helpful:

openssl s_client -connect HOSTNAME:443 -servername HOSTNAME < /dev/null 2>/dev/null | openssl x509 -text
openssl s_client -connect HOSTNAME:443 -servername HOSTNAME < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout
openssl s_client -connect HOSTNAME:443 -servername HOSTNAME < /dev/null