Hi,
On 10/01/16 05:15, Anil Mathew wrote:
I am a novice in terms of ssl and hence have limited knowledge in this.
Please help
I have been a given a jks file that has server certificate, client
certificate and a key for the client certificate. I need to convert it to
pem to use it in my application.
I have converted a jks file to p12 and then to pem.
However when i try to verify i get the following error.
echo |openssl verify -verbose -purpose sslclient -issuer_checks -CApath
C:\Data\Openssl\demoCA\certs -CAfile client.pem client.pem
client.pem: /CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 20 at 0 depth lookup:unable to get local issuer certificate
this could be a PRINTABLE_STRING / UTF8_STRING mismatch - can you send
me the certificates (not the key!) via private email and I will have a
look. There are some funky options you can add to openssl to see how the
certificate is composed.
Also, it would help to list the exact version of openssl that you are
using (run 'openssl version').
HTH,
JJK
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
