/
Check Trusted Root CAs

Patients Know Best Wiki Hub | Deploy | Developer | Trust Centre | Manual | Research | Education | Release Notes

Check Trusted Root CAs

Instruction

Following instruction on this page you can test if your client can trust certificate presented by our servers.

On the host that runs your service run the next command:

curl -o /dev/null -s -vvv https://my.patientsknowbest.com

Expected Success Output

* Trying 35.246.122.93:443... * Connected to my.patientsknowbest.com (35.246.122.93:443) port 443 (#0) ... * Connection #0 to host my.patientsknowbest.com left intact

Connection #0 to host my.patientsknowbest.com left intact indicates that the OS trusts the root CA we used to issue our server certificate.

TIP: Version of your integration engine running on the given host might not trust the root CA we picked.

NEXT: Consult documentation of your integration enginge to see what root CAs it supports.

TIP: Version of the runtime environment of your integration engine might not support the root CA. E.g.: older java versions don’t trust Let’s Encrypt root certs.

NEXT: Explore ways to update your client software and/or its runtime environment.

Expected Failure Output

* Trying 2606:4700:10::6816:1cac:443... * Connected to my.patientsknowbest.com (35.246.122.93:443) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS header, Finished (20): * TLSv1.2 (IN), TLS header, Supplemental data (23): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS header, Unknown (21): * TLSv1.3 (OUT), TLS alert, unknown CA (560): * SSL certificate problem: unable to get local issuer certificate * Closing connection 0 curl: (60) SSL certificate problem: unable to get local issuer certificate More details here: https://curl.se/docs/sslcerts.html curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.

curl: (60) SSL certificate problem: unable to get local issuer certificate indicates that client and server does not share any CA they both trust.

TIP: Version of your integration engine running on the given host might not trust the root CA we picked.

NEXT: Consult documentation of your integration enginge to see what root CAs it supports.

TIP: client software might be outdated or missing security updates (can be OS and/or integration engine version).

NEXT: Explore ways to update your client software and/or its runtime environment.

Patients Know Best Wiki Hub | Deploy | Developer | Trust Centre | Manual | Research | Education | Release Notes

© Patients Know Best, Ltd. Registered in England and Wales Number: 6517382. VAT Number: GB 944 9739 67.

This API specification and design is licensed under a Creative Commons Attribution 4.0 International License.