I have a self-signed certification, I'm using it locally for my API. As you can see in the screenshot is working fine using Docker and Apache for the server side.
The problem is when I tried to use the react App the request fails when I validate the certification using openssl command line, I got the error
Verify return code: 21 (unable to verify the first certificate) I found some possible solutions but they suggest to use the fullchain which I don't have idea what they are talking about. I only have 2 files, cert and key
Would be amazing if someone can guide me in the right direction for fixing this annoying issue.
Thanks in advance, and let me know if can I provide with more insights.
21 Answer
In order to verify a certificate, it must chain all the way to a trust-anchor. openssl checks this trust-anchor for a keyUsage extension. If present, it must contain keyCertSign as a minimum. It turns out that if this extension exists but doesn't contain keyCertSign it will return error 21.
In addition, your client (openssl s_client) must know which certificate to use as a trust-anchor. You configure openssl to use an additional trust-anchor with the -CAfile option, as follows:
openssl s_client -CAfile <your cert file> -connect api.dev.thetripguru.com:443

