Hi,
 
I haven't used this software before, but I've checked the FAQ and I can't see anything relevant. I'm using OpenSSL 0.9.7c with a Web mail application, Prayer (University of Cambridge). I've obtained and installed a server certificate from an external CA (GlobalSign in Belgium). I've installed all the certificates in their chain (root CA plus two intermediate) in the OpenSSL store and created links using the hash code as described in the documentation. They all verify OK. However, when I test the server certificate using:
 
openssl verify -verbose -CApath /usr/local/ssl/certs /home/ccent/in1012/wlv_ac_uk.pem
 
about 50% of the time it replies:
 
/home/ccent/in1012/wlv_ac_uk.pem: OK
 
and the other 50% it says:
 
/home/ccent/in1012/wlv_ac_uk.pem: /C=BE/O=GlobalSign nv-sa/OU=ServerSign CA/CN=GlobalSign ServerSign CA
error 7 at 1 depth lookup:certificate signature failure
29838:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
29838:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:580:
29838:error:0D089006:asn1 encoding routines:ASN1_verify:EVP lib:a_verify.c:162:
 
I've found references to this in the mailing list, but only for old versions of OpenSSL. Any ideas how I can fix this?
 
Max Caines
IT Services, University of Wolverhampton
Wolverhampton, West Midlands WV1 1SB
Tel: 01902 322245 Fax: 01902 322699
 
