|
Ok.
This is hopefully a simple question, and one that I see quite a bit in the
archives. However, everything I’ve tried and gleaned from searching
the archives have come up nothing. I have server certificate from a
Microsoft Domain Controller that was created via MS’s certificate authority.
I’m trying to get Openssl to connect to it, but I get the now
familiar “unable to get local issuer certificate” error when using
s_client. I have the CA certificate, and there is, to my knowledge, no intermediate
certificates. I have tried putting the CA certificate into the certs
directory defined in openssl.cnf with a symbolic link of the cert’s hash
value pointing to it. I have tried doing openssl verify –Cafile ./sandbox-ca.pem
server-cert.pem and still get the same error. Now, my assumption is that
if I try to do a verify on a server certificate and provide (via the –Cafile
option) that SHOULD be all it needs to verify the certificate correct? Is
there something wrong with my certs? I’ve provided both in the
email so that maybe someone can point out what the problem is: N1-wrath.sandbox.com (sandbox.com is a virtual domain used
for testing): -----BEGIN CERTIFICATE----- MIIFszCCBJugAwIBAgIKGlNrzAAAAAAAAjANBgkqhkiG9w0BAQUFADBDMRMwEQYK CZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHc2FuZGJveDETMBEGA1UE AxMKU2FuZGJveCBDQTAeFw0wNjA4MjMxNTM5NDNaFw0wNzA4MjMxNTM5NDNaMB8x HTAbBgNVBAMTFG4xLXdyYXRoLnNhbmRib3guY29tMIGfMA0GCSqGSIb3DQEBAQUA A4GNADCBiQKBgQDfYb6tJxC8E4GMIIXwuV2VuUTKMavBRjem04DRZzYDpLky4mOo cBd8s8DwlmRKqtW68LxIhRxHZc6K3y8ytXeFD9VMKTX9hPl3Tk+vvQ/Q2Xjv1CwG wTRqaeAbnZK+15Q6WkM61yAu0XA3U1f6RaBA5PZFyFbTOkSN0TAJiHw2tQIDAQAB o4IDTzCCA0swCwYDVR0PBAQDAgWgMEQGCSqGSIb3DQEJDwQ3MDUwDgYIKoZIhvcN AwICAgCAMA4GCCqGSIb3DQMEAgIAgDAHBgUrDgMCBzAKBggqhkiG9w0DBzAdBgNV HQ4EFgQUAduzIdaqGDT41RLrYhQJdAR+YPswLwYJKwYBBAGCNxQCBCIeIABEAG8A bQBhAGkAbgBDAG8AbgB0AHIAbwBsAGwAZQByMB8GA1UdIwQYMBaAFEcKpdwNYJ/A b+MFCQo8wgaO7VtCMIIBBAYDVR0fBIH8MIH5MIH2oIHzoIHwhoG0bGRhcDovLy9D Tj1TYW5kYm94JTIwQ0EsQ049bjEtd3JhdGgsQ049Q0RQLENOPVB1YmxpYyUyMEtl eSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9c2Fu ZGJveCxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVj dENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50hjdodHRwOi8vbjEtd3JhdGguc2Fu ZGJveC5jb20vQ2VydEVucm9sbC9TYW5kYm94JTIwQ0EuY3JsMIIBGgYIKwYBBQUH AQEEggEMMIIBCDCBqwYIKwYBBQUHMAKGgZ5sZGFwOi8vL0NOPVNhbmRib3glMjBD QSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMs Q049Q29uZmlndXJhdGlvbixEQz1zYW5kYm94LERDPWNvbT9jQUNlcnRpZmljYXRl P2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhvcml0eTBYBggrBgEF BQcwAoZMaHR0cDovL24xLXdyYXRoLnNhbmRib3guY29tL0NlcnRFbnJvbGwvbjEt d3JhdGguc2FuZGJveC5jb21fU2FuZGJveCUyMENBLmNydDAdBgNVHSUEFjAUBggr BgEFBQcDAgYIKwYBBQUHAwEwQAYDVR0RBDkwN6AfBgkrBgEEAYI3GQGgEgQQgto8 vGzkE0+9zIRFWXgxVYIUbjEtd3JhdGguc2FuZGJveC5jb20wDQYJKoZIhvcNAQEF BQADggEBAJjCdQkVc+QOSMp81/Og7/2X8nJDEP6qJqPnJjVLAfWnMJjYzbj3bZs0 XompdxVxNb7CchT3TEJoUMnGGzTSu7J0di+Qgwt7lMfOR6BFOYal03fscuLQmALZ U4/4K//QJV9MWungDMkj0XBGg86HJzwtUpZeu7bUdgmcRCYfZhTdY42fD13a9bGD IGcz6LAAYBMWwfIDQ0UL6CuFIkS6j7WTxxLWzB+i8cxrEMhLvpUT54fJQnYfNkhS 4Wg12/MUGn9ykK1IFk3ym+FgB20K5vjAykx3DVqdxKG1pa+NhDHdpgcv+cI7wyUA bBtxiZa2V2vB2x+BV0f0LYVB+3KgrOU= -----END CERTIFICATE----- The CA certificate from the sandbox.com domain controller
(which happens to be n1-wrath): -----BEGIN CERTIFICATE----- MIIEgjCCA2qgAwIBAgIQHZSufQev7bBPeD3puDiTZDANBgkqhkiG9w0BAQUFADBD MRMwEQYKCZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHc2FuZGJveDET MBEGA1UEAxMKU2FuZGJveCBDQTAeFw0wNjA4MjMxODEwNDJaFw0xMTA4MjMxODE5 MTFaMEMxEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdzYW5k Ym94MRMwEQYDVQQDEwpTYW5kYm94IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A MIIBCgKCAQEAzi1RBABv+NIwN6V5Cb36Xvh4aBR0meZu6Dt7C03E2NGLRuqByGEZ roxHFmxfw3iLEXCG4wuX8vgmofL25Zxs4SFh0AGTXRLtyCgWkcaRtaRLv/2uOdxu cfzr0lQujvuaBwORG2b/oxMvaHNs7Fn1W+dDl8mtaq1GIoW4Cy37xWvEK/cLfxzK Ar2ieI9edSMTDn23ckksKhFVhz4vQN2eDGR6hS7a22ocxFf+X5bbCZih8gtsZq7P tNByxtAtqxPvFK+KvBphFi8W7W4xRwY9jbgigjluzM4HxtqmNHUWmhFtOjdwnfDd RJPxgLVvkrlNz8xQi4s4j2f/naIZUDZMIQIDAQABo4IBcDCCAWwwEwYJKwYBBAGC NxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O BBYEFFF6eyh++VR2O41NFn610FcKO2RIMIIBBAYDVR0fBIH8MIH5MIH2oIHzoIHw hoG0bGRhcDovLy9DTj1TYW5kYm94JTIwQ0EsQ049bjEtd3JhdGgsQ049Q0RQLENO PVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3Vy YXRpb24sREM9c2FuZGJveCxEQz1jb20/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlz dD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50hjdodHRwOi8v bjEtd3JhdGguc2FuZGJveC5jb20vQ2VydEVucm9sbC9TYW5kYm94JTIwQ0EuY3Js MBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQCpf6vt20PD17bi /GJFzIbR+fnjbmYtM6dCcjJoxquxMhBG6YDh29kNIoztDXShEOVPxhFYeaDvONEk v39WBYpyCqwQogQkNAQGOP0j+hzVJqxJtwZW0GE2QW+5pmdYJkzcD7R7ckZvHU9t ngYBqbCZQTVPFCxit0nHiwNLe0P+aFb4cc7xq+l4Sd/9GyDAnQLsJ8NL8seqWbVZ NPA70dgYj1qJR08yuJlB48yXkOyOG0GJQvsZpmwMV5r7feKjQCQnRV7fYHSTpsh6 RYx+zA1okfkaqBQ75RAoidiGyYkeBKwp+I+SzHf7011dUajRMik2ZD7u7APa6sZB zVlJ7wPM -----END CERTIFICATE----- Thoughts anyone? My head is starting to hurt from
beating it on this particular wall. J |
- Certificate Verification Aaron Smith
- Re: Certificate Verification Dr. Stephen Henson
- Re: Certificate Verification Vincenzo Sciarra
- RE: Certificate Verification Aaron Smith
- Certificate Verification Tim Corio
- Re: Certificate Verification Marek Marcola
- Certificate verification Marc St-Jacques
