Issues with OpenSSL but NOT with NMap? why? "unable to get local issuer certificate"


I’m checking an issue where the Qualys EE generated a report identifying a point of vulnerability with the following issue, “unable to get local issuer certificate”; I proceed to test with OpenSSL to validate through the terminal, and yes, OpenSSL shows the same case; but when I use a different tool like Namp y SSLab, and everything shows good!, with a verify CA and the complete chain, why its the different, where its the issue about? any orientation about it? Is this an issue with Kong? I have the Cert and CA in Kong.

$ openssl s_client -connect
depth=0 C = DO, ST = SDQ, L = SDQ, OU = OU, O = O, CN = *
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = DO, ST = SDQ, L = SDQ, OU = OU, O = O, CN = *
verify error:num=21:unable to verify the first certificate
verify return:1

$ nmap --script ‘ssl*’ -p 443
Starting Nmap 7.80 ( ) at 2020-07-08 21:06 AST
Nmap scan report for ()
Host is up (0.022s latency).
Other addresses for (not scanned):
rDNS record for : adsl

443/tcp open https
| ssl-cert: Subject:
| Subject Alternative Name: DNS:,
| Issuer: commonName=GlobalSign Organization Validation CA - SHA256 - G2/organizationName=GlobalSign nv-sa/countryName=BE
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2018-02-01T22:01:01
| Not valid after: 2021-02-01T22:01:01
| MD5: 9999 f1db a2bd 637c 86d3 4733 228a 5fd8
|_SHA-1: dab1 d779 f52c 394e c966 ef2b e1a3 27cf 8c3b fc2e
|ssl-date: TLS randomness does not represent time
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (secp256r1) - A
| compressors:
| cipher preference: client
least strength: A


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ