Deploy Script Fails to Trust AWS CA TLS Certificate

The deploy script fails with the following error:

Failed to authenticate with PrivX: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1108)

This typically occurs when your PrivX instance is running on Amazon Web Services (AWS) and the TLS certificate is issued by the AWS Certificate Authority (for example, via AWS Application Load Balancer).

Potential Solution

  1. Download the Amazon Root CA certificate.

  2. Prepend the Amazon Root CA to your certificate chain file.

  3. Update the trust anchor by running:

    /opt/privx/scripts/init_nginx.sh update-trust /path/to/ca_chain.crt

  4. Restart the PrivX service.

  5. Re-download the deploy script and try again.
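
One way to carry out step 2 safely, as an added example that is not part of the PrivX documentation or tooling: it prepends an already downloaded root certificate to the chain file, keeps a backup, and guards against a missing final newline fusing two PEM blocks. The file names `root.pem` and `ca_chain.crt`, the helper names, and port 443 in `check_tls` are assumptions.

```bash
#!/usr/bin/env bash
# Added example for step 2. root.pem and ca_chain.crt are placeholder names.

# Number of PEM certificate blocks in a file (0 if none).
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# First PEM certificate block of a file.
first_block() {
    awk '/-----BEGIN CERTIFICATE-----/{p=1} p{print} /-----END CERTIFICATE-----/{exit}' "$1"
}

# Print a PEM file and make sure it ends with a newline, so the END line of
# one certificate never fuses with the BEGIN line of the next.
emit_pem() {
    cat "$1"
    [ -z "$(tail -c 1 "$1")" ] || printf '\n'
}

# prepend_root ROOT_PEM CHAIN_FILE
# Rewrites CHAIN_FILE as root + existing chain and keeps CHAIN_FILE.bak.
# Does nothing when the root is already the first certificate.
prepend_root() {
    local root=$1 chain=$2 tmp
    [ "$(count_certs "$root")" = 1 ] || { echo "need exactly one certificate in $root" >&2; return 1; }
    [ "$(count_certs "$chain")" -ge 1 ] 2>/dev/null || { echo "no certificate in $chain" >&2; return 1; }
    [ "$(first_block "$chain")" != "$(first_block "$root")" ] || return 0
    tmp=$(mktemp) || return 1
    { emit_pem "$root"; emit_pem "$chain"; } > "$tmp"
    cp -p "$chain" "$chain.bak" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$chain"   # overwrite in place to keep owner and mode
    rm -f "$tmp"
}

# check_tls HOST CHAIN_FILE: succeeds only if HOST's certificate verifies
# with CHAIN_FILE as the CA file. Port 443 is an assumption.
check_tls() {
    openssl s_client -connect "$1:443" -servername "$1" -CAfile "$2" \
        -verify_return_error </dev/null >/dev/null 2>&1
}

# Usage: ./prepend_root.sh root.pem /path/to/ca_chain.crt
if [ "$#" -eq 2 ]; then
    prepend_root "$1" "$2"
fi
```

After sourcing the script, `check_tls your-privx-host /path/to/ca_chain.crt` gives a quick confirmation that the chain file is sufficient before you re-run the deploy script.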
