Re: error 20 at 0 depth lookup:unable to get local issuer certificate

Frédéric PAILLETTE Thu, 25 Nov 2004 07:06:13 -0800

Florin Angelescu wrote:

hello i have build openldap with openssl support and when a client try to connect i got :

TLS certificate verification: depth: 1, err: 19, subject: /C=BE/ST=BELGIUM/L=BRUSSELS/O=CAAMI_CA/OU=CCI/CN=CAAMI_CA/[EMAIL PROTECTED], issuer: /C=BE/ST=BELGIUM/L=BRUSSELS/O=CAAMI_CA/OU=CCI/CN=CAAMI_CA/[EMAIL PROTECTED] TLS certificate verification: Error, self signed certificate in certificate chain tls_write: want=7, written=7 0000: 15 03 01 00 02 02 30 ......0 TLS trace: SSL3 alert write:fatal:unknown CA
any tips ?
thank you
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

The CA is unknown so use SSL_CTX_load_verify_locations() to add the CA certificate in trusted CAs or ignore this parameter in the callback function called during the certificate verification. look at http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html and http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

if it is not enough clear, email me.

Frederic

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Re: error 20 at 0 depth lookup:unable to get local issuer certificate

Reply via email to