I am in the process of learning SSL programming. I am developing simple SSL server and client apps that are both being tested on the same Windows machine. The problem comes during the SSL handshake - the client is rejecting the server certificate with the following error:

    -Error with certificate at depth: 1
      issuer = /C=US/ST=VA/L=Fairfax/O=Zork.org/CN=Root CA
      subject = /C=US/ST=VA/L=Fairfax/O=Zork.org/OU=Server Division/CN=Server CA
      err 24:invalid CA certificate
    ** Main.c:70 Error connecting SSL object
    3080:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:.\ssl\s3_clnt.c:1166:

I created the following certificates:

Create the root CA

    >openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
    >openssl x509 -req -in rootreq.pem -sha1 -extensions v3_ca -signkey rootkey.pem -out rootcert.pem
    >type rootcert.pem rootkey.pem > root.pem
    >openssl x509 -subject -issuer -noout -in root.pem
    subject= /C=US/ST=VA/L=Fairfax/O=Zork.org/CN=Root CA
    issuer= /C=US/ST=VA/L=Fairfax/O=Zork.org/CN=Root CA

Create the server CA and sign it with the root CA

    >openssl req -newkey rsa:1024 -sha1 -keyout serverCAkey.pem -out serverCAreq.pem
    >openssl x509 -req -in serverCAreq.pem -sha1 -extensions v3_ca -CA root.pem -CAkey root.pem -CAcreateserial -out serverCAcert.pem
    >type serverCAcert.pem serverCAkey.pem rootcert.pem > serverCA.pem
    >openssl x509 -subject -issuer -noout -in serverCA.pem
    subject= /C=US/ST=VA/L=Fairfax/O=Zork.org/OU=Server Division/CN=Server CA
    issuer= /C=US/ST=VA/L=Fairfax/O=Zork.org/CN=Root CA

Create the server's certificate and sign it with the server CA

    >openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem
    >openssl x509 -req -in serverreq.pem -sha1 -extensions usr_cert -CA serverCA.pem -CAkey serverCA.pem -CAcreateserial -out servercert.pem
    >type servercert.pem serverkey.pem serverCAcert.pem rootcert.pem > server.pem
    >openssl x509 -subject -issuer -noout -in server.pem
    subject= /C=US/ST=VA/L=Fairfax/O=Zork.org/CN=splat.zork.org
    issuer= /C=US/ST=VA/L=Fairfax/O=Zork.org/OU=Server Division/CN=Server CA

Create the client certificate and sign it with the root CA

    >openssl req -newkey rsa:1024 -sha1 -keyout clientkey.pem -out clientreq.pem
    >openssl x509 -req -in clientreq.pem -sha1 -extensions usr_cert -CA root.pem -CAkey root.pem -CAcreateserial -out clientcert.pem
    >type clientcert.pem clientkey.pem rootcert.pem > client.pem
    >openssl x509 -subject -issuer -noout -in client.pem
    subject= /C=US/ST=VA/L=Fairfax/O=Zork.org/CN=shell.zork.org
    issuer= /C=US/ST=VA/L=Fairfax/O=Zork.org/CN=Root CA

Create the dh512.pem dh1024.pem

    >openssl dhparam -check -text -5 512 -out dh512.pem
    >openssl dhparam -check -text -5 1024 -out dh1024.pem

Can someone please let me know if I am configuring the certificates wrong? I am developing on a Windows XP machine using MSVS C++ 2010 Express with Openssl (version 1.0.1c). I am testing locally with IP=localhost and port=16001. Thanks.
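
An added example, not part of the original post: OpenSSL reports error 24 (X509_V_ERR_INVALID_CA) when a certificate acting as an issuer in the chain is not marked as a CA, and the script below reproduces that verdict at depth 1 with a constructed three-level chain. It assumes a POSIX shell with the `openssl` CLI on the path; all file names and subject names in it are made up.

```shell
#!/bin/sh
# Added example: file names and subject names are constructed.
# chain_verdict FLAG builds root -> intermediate -> leaf in a temp dir, giving
# the intermediate basicConstraints CA:FLAG, and prints what `openssl verify` says.

csr() {   # $1 = file stem, $2 = common name; writes $1.key and $1.csr
    openssl req -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=$2" 2>/dev/null
}

chain_verdict() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # x509 reads extensions from the file named by -extfile.
        printf 'basicConstraints=critical,CA:TRUE\n' > root.ext
        printf 'basicConstraints=critical,CA:%s\n' "$1" > inter.ext

        csr root "Example Root CA" || exit 1
        openssl x509 -req -in root.csr -signkey root.key -days 1 \
            -extfile root.ext -out root.pem 2>/dev/null || exit 1

        csr inter "Example Server CA" || exit 1
        openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key \
            -CAcreateserial -days 1 -extfile inter.ext \
            -out inter.pem 2>/dev/null || exit 1

        csr leaf "server.example.test" || exit 1
        openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key \
            -CAcreateserial -days 1 -out leaf.pem 2>/dev/null || exit 1

        # Verify the leaf against the root; the intermediate is an untrusted helper.
        out=$(openssl verify -CAfile root.pem -untrusted inter.pem leaf.pem 2>&1) || true
        case $out in
            *": OK"*) echo "OK" ;;
            *) printf '%s\n' "$out" |
                   sed -n 's/.*\(error [0-9]* at [0-9]* depth lookup\).*/\1/p' |
                   head -n 1 ;;
        esac
    )
    status=$?
    rm -rf "$dir"
    return "$status"
}

chain_verdict TRUE     # intermediate marked as a CA
chain_verdict FALSE    # intermediate not marked as a CA
```

To inspect an existing certificate such as `serverCAcert.pem`, `openssl x509 -noout -text -in serverCAcert.pem` shows whether an X509v3 Basic Constraints entry with CA:TRUE is present.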