On Tue, Dec 26, 2006, Randy Schuster wrote: > Openssl-users@openssl.org, > > Been trying to get this working for a long time and don't seem to be making > progress. > > > banana >openssl s_client -connect iguscert.globalpay.com:443 > CONNECTED(00000003) > depth=1 /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign > International Se > rver CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 > Ver > iSign > verify error:num=20:unable to get local issuer certificate > verify return:0 > --- > Certificate chain > 0 s:/C=US/ST=Georgia/L=Atlanta/O=Global Payments Inc./OU=Systems & > Engineering/ > OU=Terms of use at www.verisign.com/rpa (c)00/CN=gpgw2.globalpay.com > i:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International > Serve > r CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 > VeriSi > gn > 1 s:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International > Serve > r CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 > VeriSi > gn > i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification > Authority > ---
You have to tell OpenSSL which CAs to trust. In this case the root CA is included in the OpenSSL distribution as certs/vsign3.pem. Try the command line switch: -CAfile /path/to/vsign3.pem Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
