'Re: where to find the ca.txt file'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: where to find the ca.txt file
From:       sandeep kiran p <sandeepkiranp () gmail ! com>
Date:       2010-04-30 3:24:22
Message-ID: y2x70f6328c1004292024v3dde272ai4fc563dcc4685b29 () mail ! gmail ! com
[Download RAW message or body]

Your server certificate isn't getting verified against the client's trust
store(myca.pem). This could be the case where the CA that signed the server
cert isn't present in the client's trust store. You can use Openssl's verify
command to check why this is happening.

-Sandeep

On Thu, Apr 29, 2010 at 1:23 AM, sara bai <sara.byh@gmail.com> wrote:

>
> hi:
> Actually I got some error when connect ssl server by this way   . I've created
> a self-signed certificate
>
> # openssl s_client -ssl3 -connect 127.0.0.1:9999 -verify 10 -showcerts
> -cert /home/myCA/certs/client.pem -key /home/myCA/private/client.pem -CAfile
> /home/myCA/certs/myca.pem -msg -debug
>
>
> >> verify error:num :unable to get local issuer certificate
>
>      verify error:num':certificate not trusted
>      verify error:num!:unable to verify the first certificate
>
>      No client certificate CA names sent
> >> Verify return code: 21 (unable to verify the first certificate)
>
>
> I have no idea how to send client cercificate CA names ...
>
>
> 2010/4/29 Vladimir Belov <ml.vladimbelov@gmail.com>
>
>
>> I think there is no such file yet. I could be mistaken.
>>
>> For what do you need this file? Do you want to know how to create a
>> self-signed test certificate  or something else?
>>
>>
>>>

[Attachment #3 (text/html)]

Your server certificate isn&#39;t getting verified against the client&#39;s trust \
store(myca.pem). This could be the case where the CA that signed the server cert \
isn&#39;t present in the client&#39;s trust store. You can use Openssl&#39;s verify \
command to check why this is happening.<div> <br></div><div>-Sandeep<br><br><div \
class="gmail_quote">On Thu, Apr 29, 2010 at 1:23 AM, sara bai <span dir="ltr">&lt;<a \
href="mailto:sara.byh@gmail.com">sara.byh@gmail.com</a>&gt;</span> \
wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px \
#ccc solid;padding-left:1ex;"> <div><br>hi:</div><div>Actually I got some error when \
connect ssl server by this way   . I&#39;ve <span style="font-family:arial, \
sans-serif;font-size:13px;border-collapse:collapse;color:rgb(51, 51, 51)">created a \
self-signed certificate</span><br>

<div><br></div><div><div># openssl s_client -ssl3 -connect <a \
href="http://127.0.0.1:9999" target="_blank">127.0.0.1:9999</a> -verify 10 -showcerts \
-cert /home/myCA/certs/client.pem -key /home/myCA/private/client.pem -CAfile \
/home/myCA/certs/myca.pem -msg -debug</div>

</div><div><br></div><div><br></div><div><div>&gt;&gt; verify error:num=20:unable to \
get local issuer certificate</div><div><br></div><div>     verify \
error:num=27:certificate not trusted</div><div>     verify error:num=21:unable to \
verify the first certificate</div>

<div><br></div><div>     No client certificate CA names sent</div><div>&gt;&gt; \
Verify return code: 21 (unable to verify the first \
certificate)</div></div><div><br></div><div><br></div><div>I have no idea how to send \
client cercificate CA names ...</div>

</div><div><br></div><br><div class="gmail_quote">2010/4/29 Vladimir Belov <span \
dir="ltr">&lt;<a href="mailto:ml.vladimbelov@gmail.com" \
target="_blank">ml.vladimbelov@gmail.com</a>&gt;</span><div \
class="im"><br><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex">

<br>
I think there is no such file yet. I could be mistaken.<br>
<br>
For what do you need this file? Do you want to know how to create a self-signed test \
certificate  or something else?<br> <br><blockquote class="gmail_quote" \
style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div><br></div></blockquote></blockquote></div></div> \
</blockquote></div><br></div>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic