Lawrence Rose wrote:
The most simple explanation would be that you forgot to tell the client to use the new serverCA.pm...Hi:I setup the four openSSL examples in Viega et al with certs and ran fine until the 30 day certs expired. Now after I cut a new root.pem and sereverCA.pem I cannot pass certificate verification. Where have I gone wrong? I've tried everything these past several days altering the cnf, recutting certs - any help most appreciated!err 19:self signed certificate in certificate chain ** client2.c:69 Error connecting SSL object1:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894:
If this is not the case I'd need some more information, about how you tried to connect your server. What do you use as a server? Have you tried with "openssl s_server" and "openssl s_client""? If yes, what is the complete output of openssl s_client?
Hope it helps, Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
smime.p7s
Description: S/MIME Cryptographic Signature
