I just ran into a similar situation recently. In verifying up the
certificate chain, openssl looks for the issuer to have a specific name,
which is nnnnnnnn.0 where nnnnnnnn is the hash value of the ASN1 encoding
of the distinguished name of the issuer of your certificate. To find out
the hash value use the c_hash script found in the tools directory under the
openssl top directory. Type . ./c_hash <issuer's cert file name>. This
will print out the hash use for renaming the issuer's certificate. You'll
need to do this for all certs up to the root certificate.
Hope this helps....
John Schuetz
"Bob Lockie" <[EMAIL PROTECTED]> on 03/03/99 04:24:01 PM
Please respond to [EMAIL PROTECTED]
To: SSL Mailing List <[EMAIL PROTECTED]>
cc: (bcc: John Schuetz/Fishkill/IBM)
Subject: CA certs
> I switched from a local CA to Verisign and I get the following error in
my SSLeay client:
>
> error 20 at depth 0: unable to get local issuer certificate
> name=/C=CA/ST=Ontario/L=Ottawa/O=NortelNetworks/OU=Information
Systems/CN=zcarh02u.ca.nortel.com
>
> I have tried many of certificates that come with the Stronghold web
server (one of them must be the Verisign > > CA) but nothing works
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
