Vishal V wrote:
>
> Dear Lutz,
> Thanks for the insight. Well it took about 1 minute after which the
> connection got closed. So that means the connection got timed out
> -----------------------------------------------------------------------------------------------------------------------------
>
> And Please see below the output for the command below.
> ------------------------------------------------------------------------------------------------------------------------------
>
> COMMAND: [EMAIL PROTECTED]:/home/Me/test>openssl s_client -connect
> remote_server. com:8444
> ------------------------------------------------------------------------------------------------------
>
> CONNECTED(00000004)
> depth=0 /C=US/ST=London/L=Palace House/O=ABCbank/OU=ZIT-A CMA BOS
> (2.3.5.1)/CN=shsvd3a.gde
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 /C=UK/ST=London/L=Palace House/O=ABCbank/OU=ZIT-A CMA BOS
> (2.3.5.1)/CN=shsvd3a.gde
> verify return:1
> ---
> Certificate chain
> 0 s:/C=UK/ST=London/L=Sherborne House/O=ABCbank/OU=ZIT-A CMA BOS
> (2.3.5.1)/CN=shsvd3a.gde
> i:/C=UK/ST=London/L=Palace House/O=ABCbank/OU=ZIT-A CMA BOS
> (2.3.5.1)/CN=shsvd3a.gde
> ---
> Server certificate
> -----BEGIN CERTIFICATE-----
> MIICgDCCAekCBETYvTYwDQYJKoZIhvcNAQEEBQAwgYYxCzAJBgNVBAYTAlVLMQ8w
> DQYDVQQIEwZMb25kb24xGDAWBgNVBAcTD1NoZXJib3JuZSBIb3VzZTEUMBIGA1UE
> ChMLQ29tbWVyemJhbmsxIDAeBgNVBAsTF1pJVC1BIENNQSBCT1MgKDIuMy41LjEp
> MRQwEgYDVQQDEwtzaHN2ZDNhLmdkZTAeFw0wNjA4MDgxNjM1MDJaFw0yMzAxMTEx
> NjM1MDJaMIGGMQswCQYDVQQGEwJVSzEPMA0GA1UECBMGTG9uZG9uMRgwFgYDVQQH
> Ew9TaGVyYm9ybmUgSG91c2UxFDASBgNVBAoTC0NvbW1lcnpiYW5rMSAwHgYDVQQL
> ExdaSVQtQSBDTUEgQk9TICgyLjMuNS4xKTEUMBIGA1UEAxMLc2hzdmQzYS5nZGUw
> gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqFdZrLVDXMgrnX7ne6IfRqo38C
> ODn2vXMiy+khDVLUDxPh0qsMmV03loPhzwLNviBhxxamiBbtsXXe6ztXf09LOmtu
> g4UTQUXuBTaBqsOivqZBmr2Nxaq9j7Ma3dVG+dAsgfSgzn5h78sWfQkD+hX6DCXR
> xFxP2Ls1wrnJ5Ia9AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAgfOx7UeISfuw04OU
> EC4Ur5uNPE2kQ92KSNgLRJMZ/xQYjZVmCWSOEJVO+NrLWuO6Mv86cnKPLBWnCRFe
> GYm9EIbMKDExs8QWU0+gYkUHBHjtWbMYIeiFNUFBQvr+rqINdci2L52jRbLeWPgY
> HK+zxEoiBFpbDEciVFUzyq1XTeA=
> -----END CERTIFICATE-----
> subject=/C=UK/ST=London/L=Palace House/O=ABCbank/OU=ZIT-A CMA BOS
> (2.3.5.1)/CN=shsvd3a.gde
> issuer=/C=UK/ST=London/L=Palace House/O=ABCbank/OU=ZIT-A CMA BOS
> (2.3.5.1)/CN=shsvd3a.gde
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 1185 bytes and written 338 bytes
> ---
> New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
> Server public key is 1024 bit
> SSL-Session:
> Protocol : TLSv1
> Cipher : EDH-RSA-DES-CBC3-SHA
> Session-ID:
> 46726624C4EB38AE5973400F43D1FFEBD885BD16DD48F5DBAE4139F20421FAA0
> Session-ID-ctx:
> Master-Key:
> E94EEF3AF384401AE38F2777EF80C490D83F9846F9949E226C6386273E552ED74B3E5CB55D92AF751A423F3341E9970A
>
> Key-Arg : None
> Start Time: 1181902372
> Timeout : 300 (sec)
> Verify return code: 18 (self signed certificate)
> ---
> QUIT
> DONE
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
Judging from this output your network connection to the remote site is ok.
The remote site is able to speak SSL as well, as it seems. It does not
seem to
request a client certificate (you have been allowed to connect.
However: s_client has not been able to verify the server's certificate but
as no strict policy to enforce checking of the certificate is set in
s_client.
In another mail the error message was:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
verify failed
indicating that your client enforces verification of the server
certificate. Most likely the CA
certificate needed (which is identical to the server certificate as it
is self signed :-) is
missing from your configuration.
Best regards,
Lutz
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
