Blog

Qualified Digital Signature Not Recognized: Missing Root CA Certificate

Upgrading to Ubuntu 20.04 caused a "1 signature is unknown!" error due to OpenSSL 1.1.1f. Building OpenSSL 1.1.1g from source resolved it, but some certificate issues remain.

15 Jun
,
2020
28 Apr
,
2025
# min read
Digital signature process with eID Easy platform interface on a computer screen

After upgrading to a new computer with Ubuntu 20.04, I encountered the following error:

1 signature is unknown!

Error details:

SignatureXAdES_LTA.cpp:198 Signature validation
SignatureXAdES_B.cpp:738 Unable to verify signing certificate
X509CertStore.cpp:351 unable to get local issuer certificate:0
OCSP.cpp:308 Certificate status: unknown


Root Cause

This issue is caused by the OpenSSL 1.1.1f version included in Ubuntu 20.04 LTS.
More information: Open-eID issue #341

The bundled OpenSSL version has known problems with certificate validation, especially when using OCSP and complex certificate chains.

Solution

Building and installing a newer OpenSSL version (1.1.1g or higher) from source helped resolve the error.

Note: Even with OpenSSL 1.1.1g, some minor certificate validation issues might still remain.

How to Build OpenSSL from Source

A detailed guide for compiling OpenSSL on Linux is available here: HowtoForge: How to Install OpenSSL from Source

More latest articles

See all news
See all news
Businesswoman using digital signature on tablet in modern office setting
31 Jan
,
2025
28 Apr
,
2025
eSignatures

Legal Clarity for eSignatures: Insights from an ECJ Ruling

Read article
Diia.Signature digital service by eID Easy, showcasing secure electronic signatures for document signing and user authentication.
28 Jan
,
2025
3 Apr
,
2025
eSignatures
Announcements

eID Easy First to Bring Ukraine’s Diia.Signature to the EU for Legally Valid Signing

Read article