Hello, I am experiencing a problem with self-signed server certificates generated by z/OS's pskkyman program in my openssl-enabled telnet client. Usually, a self- signed certificate will generate an error of "self-signed certificate" in my certificate verify callback routine. If I add the certificate to openssl's root store, further verifys are OK. The z/OS certificates, which are self-signed, generate 2 errors: "unable to get local issuer certificate" and "unable to verify the first certificate". I have previously only seen these errors on CA-signed certs. Can anybody tell me how a self-signed cert can generate these errors instead of the "self-signed certificate" error? I have attached the certificate in question. Any help would be appreciated.
Jim Adams Principal Software Developer Seagull Software Systems, Inc. Voice: (703) 393-2881 x540, Fax: (703) 393-2160 <mailto: [EMAIL PROTECTED]>
-----BEGIN CERTIFICATE----- MIICkzCCAfygAwIBAgIIQS3rSgAC0jYwDQYJKoZIhvcNAQEFBQAwYjELMAkGA1UE BhMCVVMxCzAJBgNVBAgTAkdBMRAwDgYDVQQHEwdBdGxhbnRhMRkwFwYDVQQKExBT RUFHVUxMIFNvZnR3YXJlMRkwFwYDVQQDExB6L09TIENlcnRpZmljYXRlMB4XDTA0 MDgyNjEzNTMxNFoXDTA3MDUyMzEzNTMxNFowYjELMAkGA1UEBhMCVVMxCzAJBgNV BAgTAkdBMRAwDgYDVQQHEwdBdGxhbnRhMRkwFwYDVQQKExBTRUFHVUxMIFNvZnR3 YXJlMRkwFwYDVQQDExB6L09TIENlcnRpZmljYXRlMIGfMA0GCSqGSIb3DQEBAQUA A4GNADCBiQKBgQC+f7PwBsmEYUqLsMktSeMGF3f5Kngyw4cuxxCK56TxUBeiltaL mzCJQr/nK3f872gfbw7C3rEt1VR9selE7hFwHAGSzuuG/X+N/uiu5hyKlHhEWhEc YHQ7F0ODVB+Vdoj8PJxTss4yYVM9xMLpQLyfTQ0T0hmsl2MXTyNg+lICSwIDAQAB o1IwUDAdBgNVHQ4EFgQUOlXLrLLP6aFOCYOa5WXD7CC8kmAwHwYDVR0jBBgwFoAU OlXLrLLP6aFOCYOa5WXD7CC8kmAwDgYDVR0PAQH/BAQDAgTwMA0GCSqGSIb3DQEB BQUAA4GBAB4iIWTJIVvt5iWzLdyKcISw/Fa1mNRgueZRJdsrBOXYMbAklDTqLDZg 02ylP4pXFTltLESP17YVe87y0AeuL0caL7BRNeKTtaHT7FNHpwnDvpihIwsnZCI0 dhtP7XOt7o46D52fGiU1NrJrTtbyXLcJqfBAdyAxyWZodqkUOafG -----END CERTIFICATE-----
