> From: owner-openssl-us...@openssl.org On Behalf Of Pingzhong Li > Sent: Monday, 20 February, 2012 14:55 > To: openssl-users@openssl.org > Subject: self signed cert verification is failed
> we have a server which has a self signed certificate, however > when we tried > to use openssl to connect to server, the server certification > verification > is always failing. So I used s_client command to try to find > out why it is > failing. <snip> commandline verify also gives the error, more easily. > Attached is the ca file which has the self signed cert > http://old.nabble.com/file/p33359051/serverCert.pem > serverCert.pem . We > used self signed cert before and we didn't see any verification issues > before. I am thinking that it might be that openssl doesn't > like this self > signed cert for some reasons, however after inspection of the > cert, I could > not find anything wrong with self signed cert. Could someone shed some > lights on this? OpenSSL implements a self-signed cert as issued by itself (which it kind of is) and so won't recognize it if KeyUsage is present and does not allow keyCertSign. (Unless, I see in stepping through check_issued, the subject has proxyCertInfo, which I never heard of, and appears probably unusable here anyway.) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org