thanks martin, your response shade some light and i can now understand what im doing. Im trying to create a two way ssl connection, the problem when verifying the connection to the server, its using my RootCA instead of the server, hence throwing verification error 19. would you please advise on what might be wrong
On Wed, Jan 8, 2014 at 8:27 PM, Martin Hecht <he...@hlrs.de> wrote: > On 08.01.2014 15:32, Yvonne Wambui wrote: > > i get this error when verifing a non-self signed certificate. how do i > make > > it not point to the rootCA > > > It makes no sense to verify a non-self signed certificate without the > rootCA certificate. To verify such a certificate you have to provide the > certificate chain (which might be just one issuing CA, but often also > some intermediate sub-CAs). A set of trusted CA certificates is provided > by the distributions (most browsers bring their own collection of CA > certificates). If the CA which has issued the certificate you are trying > to verify is not included there, you can provide it on the command line > for the openssl command or manually copy it into the folder your > distribution is using, or you collect all your private trusted > certificates in a folder which you manage. Depending which option you > choose, you can specify the details when calling openssl verify by the > parameters -CAfile or -CApath. You don't have to trust the intermediate > CA's explicitly, but you have to provide the certificates if there are > some (that's the -untrusted parameter). For details see the man page of > the verify utility. > >
