I have seen too much advice on the Internet for resolving problems when one encounters erroers of this sort when using the lftp client on linux:
mput: myfile.log: Fatal error: Certificate verification: unable to get local issuer certificate (3E:...)
or this one:
mput: myfile.log: Fatal error: Certificate verification: unable to get issuer certificate (4A:...)
You research that and get a lot of htis that recommend to
“set ssl:verify-certificate false inside the lftp command”
But, you know, security-wise, that isn’t such a hot approach. And you can do better with just a bit more effort.
Examine what certificate the ftp server is using with this openssl command:
$ openssl s_client -showcerts -connect example.com:21 -starttls ftp
The privatre pki scenario
I’m imagining a scenario where yuo are in a world where a private pki reigns. In that case you want to just make sure lftp knows where to find the private root CA and possibly the intermediate CA.
To be continued…