Fw: Error: unable to get local issuer certificate!!!

Fri, 12 Sep 2008 02:23:57 -0700 

Hi All,

Please provide any solution for
error:
Response Verify Failure
11114:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify 
error:ocsp_vfy.c:122:Verify error:unable to get local issuer certificate
resolve.pem: unknown
        This Update: Sep  8 16:38:27 2008 GMT

more description is provided in below mail

Advance Thanks & Regards,
Shivakumar

----- Original Message ----- 
From: Shivakumar Balur 
To: openssl-users@openssl.org 
Sent: Thursday, September 11, 2008 6:43 PM
Subject: Error: unable to get local issuer certificate!!!


Hi,

Mail is quite big with description. please read through and help me.

Below are the configuration and execution done for OCSP request and response.

*what is the reason for error?
* what is the solution for error?


Any reply is appreciated.
:)

I have provided even folder structure because, error related to "unable to get 
local issuer certificate". 
Folder structure: certifiacte/CACERT/demoCA

CLIENT: 
executed at certificate/

Root key generated: openssl genrsa -out rootkey.pem 1024

root self-signed certificate: openssl req   -x509 -nodes -days 365   -newkey 
rsa:1024 -keyout rootkey.pem -out rootcert.pem

request generated:  openssl req -nodes -days 365   -newkey rsa:1024 -keyout 
reqkey.pem -out reqreq.pem 

issuing: openssl x509 -days 365 -CA rootcert.pem -CAkey rootkey.pem -req 
-CAcreateserial -CAserial ca.srl -in reqreq.pem -out resolve.pem

 Request sent: openssl ocsp -issuer rootcert.pem -cert resolve.pem  -url 
http://xxx.xxx.xx.xxx:8888 -resp_text -respout resp.der

error:
Response Verify Failure
11114:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify 
error:ocsp_vfy.c:122:Verify error:unable to get local issuer certificate
resolve.pem: unknown
        This Update: Sep  8 16:38:27 2008 GMT
----------------------------------------------------------------------
RESPONDER:
Folder structure: certifiacte/CACERT/demoCA/private/firstkey.pem
                           certifiacte/CACERT/demoCA/certs
                            certifiacte/CACERT/demoCA/index.txt
                            certifiacte/CACERT/demoCA/cacert.pem

1. Created folder(CACERT) 
2. copied CA.pl from( /usr/lib/ssl/misc/CA.pl) into CACERT.
3. copied openssl.cnf from (/usr/lib/ssl/openssl.cnf ) into CACERT.

executed: ./CA.pl -newca (creates demoCA folder which consist index.txt 
file,cacert.pem file, private folder,certs folder,newcerts folder and etc..)

key generated at demoCA/private/:  openssl genrsa -out firstkey.pem 1024  

request generated /demoCA/certs/:  openssl req -new -key 
demoCA/private/firstkey.pem -out req1.pem

(renamed req1.pem as newreq.pem)
now execute->  ./CA.pl -sign (newcert.pem is created)

Responder:
 openssl ocsp -index demoCA/index.txt -port 8888 -rsigner newcert.pem -rkey 
demoCA/private/first.key -CA demoCA/cacert.pem -text -out log.txt


Advance Thanks & Regards,
Shivakumar Balur

Reply via email to