Hi I try to Google for openssl x509 -purpose, but no information at all. What is that ?? I try this command and it gives me :
Certificate purpose: SSL client : yes SSL client CA: no SSL server : no SSL server CA: no Netscape SSL server: No Netscape SSL server CA: No S/MINE signing: YES S/MINE signing CA: NO S/MINE encrytion: YES S/MINE encrytion CA: NO CRL signing: No CRL signing CA: No Any Purpose: Yes Any Purpose CA: Yes OCSP helper: Yes OCSP helper CA: No I do not have a clue for this command. Please help. TD -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: Tuesday, July 03, 2007 18:36 To: openssl-users@openssl.org Subject: RE: Looking for command in openssl to verify CA Hello, > My program work fine with my own cert/private key, but give the > following error if I load with real supposed certificate at client > program. > > ~Error with certificate at depth: 0 > issuer = /DC=dev/DC=jwrn/CN=JWRN Development > subject = /DC=dev/DC=jwrn/CN=Users/CN=mon error 26:unsupported > certificate purpose > client2.c:67 Error Connecting SSL object > 3083613872:error:14090086:SSL routine: > SSL_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:884; > > Do you know what it means?? Client's cert format wrong ??? Try to check with: $ openssl x509 -in vpn-server-crt.pem -purpose -noout Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
