Ted:

Thanks for the s_server/s_client suggestion.  Here is the complete output.  The server appears to be ok but not the client??? 

$ openssl x509 -subject -issuer -dates -noout -in client.pem
subject= /C=US/ST=NJ/L=Florham Park/O=AT&T Labs - Research/CN=solarium.research.att.com
issuer= /C=US/ST=New Jersey/L=Florham Park/O=AT&T Research/OU=Project Daytona/CN=Root CA/[EMAIL PROTECTED]
notBefore=May 29 13:32:47 2006 GMT
notAfter=Aug 27 13:32:47 2006 GMT

$ openssl s_client -cert solar_client.pem -CAfile private/root.pem

Enter pass phrase for solar_client.pem:
CONNECTED(00000003)
depth=0 /C=US/ST=NJ/L=Florham Park/O=AT&T Research/CN=solarium.research.att.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=NJ/L=Florham Park/O=AT&T Research/CN=solarium.research.att.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=NJ/L=Florham Park/O=AT&T Research/CN=solarium.research.att.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=NJ/L=Florham Park/O=AT&T Research/CN=solarium.research.att.com
   i:/C=US/ST=New Jersey/L=Florham Park/O=AT&T Research/OU=Project Daytona/CN=Server CA/[EMAIL PROTECTED]
---
Server certificate
-----BEGIN CERTIFICATE-----
[certificate body elided]
-----END CERTIFICATE-----
subject=/C=US/ST=NJ/L=Florham Park/O=AT&T Research/CN=solarium.research.att.com
issuer=/C=US/ST=New Jersey/L=Florham Park/O=AT&T Research/OU=Project Daytona/CN=Server CA/[EMAIL PROTECTED]
---
No client certificate CA names sent
---
SSL handshake has read 1241 bytes and written 282 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 65D362077A58400D5948A09B439192B7CDD4D93659DD16AC66243A77D8327F58
    Session-ID-ctx:
    Master-Key: 015592B02BAFBC6AD70BBBA597B25D5BEA50A78F7A7DCA23A2555B4E46748382C1E11F1FCD28216510AA3923807AB5CD
    Key-Arg   : None
    Start Time: 1148910284
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---


-- larry

Lawrence L. Rose      190 Park Avenue
Daytona Development      Florham Park, NJ 07932
AT&T Labs - Research      Tel: 793.360.8606
[EMAIL PROTECTED]      Cell: 908.463.3155

Bernhard Froehlich wrote:
Lawrence Rose wrote:
Hi:

I setup the four openSSL examples in Viega et al with certs and ran fine until the 30 day certs expired.  Now after I cut a new root.pem and serverCA.pem I cannot pass certificate verification.  Where have I gone wrong?
I've tried everything these past several days altering the cnf, recutting certs - any help most appreciated!

  err 19:self signed certificate in certificate chain
** client2.c:69 Error connecting SSL object
1:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894:
The most simple explanation would be that you forgot to tell the client to use the new serverCA.pem...

If this is not the case I'd need some more information, about how you tried to connect your server. What do you use as a server? Have you tried with "openssl s_server" and "openssl s_client"? If yes, what is the complete output of openssl s_client?

Hope it helps,
Ted
;)
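Added example, not code from the thread or from the Viega book: the s_client output above lists a single certificate at depth 0 whose issuer is "Server CA", while the client was started with -CAfile private/root.pem, so the client has no way to reach the root from the leaf. The script below rebuilds that two-tier layout (Root CA, an intermediate "Server CA", a server leaf) with throwaway certificates it generates itself, then uses openssl verify to reproduce error 20 (the case above), error 19 (the "self signed certificate in certificate chain" seen in the first message, when a stale root is still trusted), and the two configurations that verify cleanly. It assumes only that the openssl command-line tool is installed; every name and file path is constructed for the demo.

```shell
#!/bin/sh
# Added example: rebuild Root CA -> Server CA -> server leaf with throwaway
# certificates and show which verify error each client configuration produces.
# All subject names and file names below are constructed for this demo.
set -e
command -v openssl >/dev/null 2>&1 || { echo "openssl not found"; exit 0; }
WORK=$(mktemp -d)
cd "$WORK"
trap 'rm -rf "$WORK"' EXIT

# Two self-signed roots: the current one and a stale one a client might still trust.
for r in root oldroot; do
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$r.key" -out "$r.pem" \
    -days 1 -subj "/O=Demo/CN=$r CA" >/dev/null 2>&1
done

# Intermediate "Server CA", signed by the current root; it must carry CA:TRUE.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
openssl req -newkey rsa:2048 -nodes -keyout serverCA.key -out serverCA.csr \
  -subj "/O=Demo/CN=Server CA" >/dev/null 2>&1
openssl x509 -req -in serverCA.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -extfile ca.ext -days 1 -out serverCA.pem >/dev/null 2>&1

# Server leaf, signed by the intermediate (the shape seen in the s_client output).
openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
  -subj "/O=Demo/CN=server.example.test" >/dev/null 2>&1
openssl x509 -req -in server.csr -CA serverCA.pem -CAkey serverCA.key -CAcreateserial \
  -days 1 -out server.pem >/dev/null 2>&1

cat root.pem serverCA.pem > bundle.pem            # client trust store that includes the intermediate
cat serverCA.pem root.pem > chain_with_root.pem   # what a server might send alongside its leaf

# Prints the X509 verify error number openssl reports for server.pem
# (0 when the chain verifies), given extra arguments for openssl verify.
verify_errcode() {
  out=$(openssl verify "$@" server.pem 2>&1) && { echo 0; return 0; }
  echo "$out" | sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
}

# -untrusted models certificates the server sends in its chain; -CAfile is what the client trusts.
echo "leaf only, client trusts root.pem:              error $(verify_errcode -CAfile root.pem)"
echo "server also sends serverCA.pem:                 error $(verify_errcode -CAfile root.pem -untrusted serverCA.pem)"
echo "client CAfile holds root + serverCA:            error $(verify_errcode -CAfile bundle.pem)"
echo "client trusts stale root, chain includes root:  error $(verify_errcode -CAfile oldroot.pem -untrusted chain_with_root.pem)"
```

The first line reproduces the thread's situation (error 20, "unable to get local issuer certificate"): the leaf alone cannot be linked to root.pem. Either the server must send serverCA.pem in its chain or the client's -CAfile must contain both root.pem and serverCA.pem; the last line shows error 19, which is what a client reports when the chain reaches a self-signed root it does not trust, such as a root that has since been replaced.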
