Import certificate (signed by CA) - unable to get local issuer certificate

Started by zeropage, August 19, 2025, 12:25:17 PM

I operate my own root and intermediate CA and would like to use a certificate for the Syslog client (TLS). I have taken the following steps:

  • I imported the certificates of both CAs into OPNsense (System: Trust: Authorities)
  • Created a CSR for a leaf certificate in OPNsense (System: Trust: Certificates)
  • Signed the CSR with my intermediate CA.
  • Opened the CSR for editing in OPNsense and inserted the PEM data of the certificate.
  • When I try to save the new certificate, I get the error message "Invalid X509 certificate provided: error 20 at 0 depth lookup: unable to get local issuer certificate".

I performed this process some time ago and had no problems. Unfortunately, I cannot find any documentation for my request. I would be very grateful if someone could help. Thanks in advance.

I have not tested this on my own, so this is me just guessing a few things worth checking.

- Is the time correct on all systems?
- Are your Root CA and Intermediate CA still valid?
- Might you have used a different Intermediate CA to sign the CSR than the one you imported into OPNsense?
- Check the content of all involved certificates with 'openssl x509 -noout -text -in /path/to.pem | less'
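
The checks suggested in the reply above can be scripted with `openssl`. This is an added example, not part of the thread: it builds a constructed throwaway PKI (all names and paths are made up) and uses a hypothetical `check_chain` helper to tell a leaf that names a different issuer apart from one whose issuer name matches but whose chain does not verify.

```sh
#!/bin/sh
# Added example with a constructed throwaway PKI; all names and paths are made up.

# new_csr <dir> <name> <subject>: fresh RSA key plus CSR
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# make_demo_pki <dir>: root CA, intermediates intA and intB (same subject,
# different keys, as after re-creating a CA) and a leaf signed by intA.
make_demo_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    new_csr "$d" root "/CN=Demo Root" &&
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
    for n in intA intB; do
        new_csr "$d" "$n" "/CN=Demo Intermediate" &&
        openssl x509 -req -in "$d/$n.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
            -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/$n.pem" \
            2>/dev/null || return 1
    done
    new_csr "$d" leaf "/CN=syslog.example.test" &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/intA.pem" -CAkey "$d/intA.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# check_chain <leaf> <intermediate> <root>: prints ok, issuer-mismatch
# (leaf names a different issuer) or verify-failed (name matches, chain does not).
check_chain() {
    if [ "$(openssl x509 -noout -issuer_hash -in "$1")" != \
         "$(openssl x509 -noout -subject_hash -in "$2")" ]; then
        echo issuer-mismatch
    elif openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1; then
        echo ok
    else
        echo verify-failed
    fi
}

d=$(mktemp -d) && make_demo_pki "$d" || exit 1
echo "signing intermediate:       $(check_chain "$d/leaf.pem" "$d/intA.pem" "$d/root.pem")"
echo "re-created intermediate:    $(check_chain "$d/leaf.pem" "$d/intB.pem" "$d/root.pem")"
echo "root only, no intermediate: $(check_chain "$d/leaf.pem" "$d/root.pem" "$d/root.pem")"
rm -rf "$d"
```

Against real files, pass the signed leaf, the intermediate CA certificate and the root CA certificate as PEM files in that order.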