I was designing and testing a VMware vCenter server update Repository web server solution in my home lab, I built a new web server, but when accessing it on vCenter server with curl command it was giving below error. When I checked the same url in browser, it was working fine, because it was https ssl certificate and it was not trusted certificate this was causing the error.
curl https://webserver/vc_update_repo curl: (60) SSL certificate problem: unable to get local issuer certificate more details here: https://curl.haxx.se/docs/sslcertys.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
Enable Access to the VCSA Bash shell or Appliance Shell
To diagnose further the issue I verified and tried to download Root CA (certificate authority certificate) from browser clicking lock icon button and view certificate, and save certificate to file.
There might be scenario save ssl certificate to file option may be restricated, that time you can directly download CA certificate and certificate chain from Microsoft Active Directory Certificate Services url (certsrv), (Since it was a lab and I had configured one CA server to generate SSL certificates), make sure you download Base 64 certificate chain.
Copy downloaded certificate to vCenter server using SCP tools. ie free winSCP. since latest VMware vCenter appliance run on VMware photon os (linux), run below command to update trusted root certificate authority list.
cat yourrootCAcertificate.cer >> /etc/pki/tls/certs/ca-bundle.crt
Just showing the details of my lab root ca ssl certificate contents. next when I rerun curl command again with the https url it works fine.
cat yourrootCAcertificate.cer curl https://webserver/vc_update_repo
Useful Article
How to import default vCenter server appliance VMCA root certificate and refresh CA certificate on ESXi
How to replace default vCenter VMCA certificate with Microsoft CA signed certificate
Managing ESXi SSL certificate properties from vCenter server
Forward vCenter Server Appliance logs to syslog server
Patching the vCenter Server Appliance VCSA
Install and Configure VMware UMDS on Linux