Unable to get local issuer certificate

Alexander Bishop

unread,

Jun 27, 2024, 3:06:03 PM (6 days ago) Jun 27

to GAM for Google Workspace

I have the following error when trying to enter my Google Workspace Admin email address with my new install:

ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)

I also have this error for AWS commands but use --no-verify-ssl at the end of any command.

Is there a similar option here?

Ross Scroggs

unread,

Jun 27, 2024, 3:07:42 PM (6 days ago) Jun 27

to google-ap...@googlegroups.com

Alexander,

Send me a Meet/Zoom invitation and I'll help.

Ross

----

Ross Scroggs

Ross.S...@gmail.com

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/afdb8424-c2ae-442c-965a-3025767c25f4n%40googlegroups.com.

Jay Lee

unread,

Jun 27, 2024, 3:12:23 PM (6 days ago) Jun 27

to google-ap...@googlegroups.com

The error indicates a proxy or firewall is performing TLS inspectionof your network traffic which breaks server verification. See:

https://github.com/GAM-team/GAM/wiki#using-gam-with-ssl--tls-mitm-inspection

Jay

✉ Kevin Melillo

unread,

Jun 28, 2024, 7:22:20 AM (5 days ago) Jun 28

to google-ap...@googlegroups.com

I was getting this error for about 2 months (on WSL), which forced me to use the cloud shell instance instead of the local instance of GAM. This happened both on and off VPN, from multiple networks, so I am still unconviced this was a firewall issue. Our IT team was unable to provide any fix for this. What fixed it? I moved to a new Mac, installed, and it just worked.

I still do not know what caused it. But I can move on now that it is resolved for me.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CA%2BVVBp82WpePuii%2BSd2mMBE9oSYeBr%3DOfEMpKNb5e3RbOsx-aA%40mail.gmail.com.

Jay Lee

unread,

Jun 28, 2024, 7:51:46 AM (5 days ago) Jun 28

to google-ap...@googlegroups.com

If you're running on Linux or MacOS try running :

curl -vvvv --insecure https://admin.googleapis.com/

And share the output here (shouldn't be any sensitive/private content.

Id expect to see information about a TLS certificate that's NOT Google's but might point the finger at the offending network appliance/software.

Jay

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CAKM%3Dboauc_O-uRLLrsBZ5tDaaDvtatGTASOBh%2Bwzn3mpzm4CXg%40mail.gmail.com.

Reply all

Reply to author

Forward