I am not aware of what dpkg-reconfigure does, but try adding
"-CAfile /usr/share/ca-certificates/home.jltaylor.net.crt" to s_client and
check again.
-Sandeep
On Fri, Jan 14, 2011 at 10:47 AM, Jonathan Taylor wrote:
> I am trying to setup a TurnKey(debian based) MediaWiki installation to
> contac
wner-openssl-us...@openssl.org] On Behalf Of Duncan Berriman
Sent: Thursday, July 09, 2009 3:18 PM
To: openssl-users@openssl.org
Subject: Re: " unable to get local issuer certificate" & certificate not
trusted errors
Its likely that the certificate is not installed correctly and that
the pe
nssl-users@openssl.org
Subject: RE: " unable to get local issuer certificate" &
certificate not
trusted errors
Importance: High
who is the signer of certificate newcert.pem ? is it a self-signed
certificate ? it should not be. newcert.pem should be signed by a
trusted
CA (thawte,
rify return:1
Carlo
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Saju Paul
Sent: Friday, February 01, 2008 10:39 AM
To: openssl-users@openssl.org
Subject: RE: " unable to get local issuer certificate" & cer
> From: owner-openssl-us...@openssl.org On Behalf Of Duncan Berriman
> Sent: Wednesday, 22 April, 2009 06:20
> To: openssl-users@openssl.org
> Subject: RE: unable to get local issuer certificate
(cert from one server is SOMETIMES not verifying in client)
> > How about serialnu
> How about serialnumber? Is it possible that the server is clustered
> as you hypothesized, and different instances have different certs --
> both/all for the same subject=server (as would make sense),
> but one of them
> invalid?
Serial number is the same.
> I don't think there's any easy w
To be clear, your program is the client (on 'production server')
connecting to the 'web server'? Also to be sure, you're using
software OpenSSL in your program, not one of the hardware 'engines'?
yes I have reproduced this with openssl s_client
SSL_get_verify_result is returning "unable to
> From: owner-openssl-us...@openssl.org On Behalf Of Duncan Berriman
> Sent: Tuesday, 21 April, 2009 10:18
> I'm doing final testing of some code on a production server
> and I have one website/SSL certificate that is randomly
> failing when I try to verify the certificate. Some times it
> work
who is the signer of certificate newcert.pem ? is it a self-signed
certificate ? it should not be. newcert.pem should be signed by a trusted
CA (thawte,verisign,godaddy etc.) or by a CA that is in google/gmail's CA
repository.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTE
On Tue, Dec 26, 2006, Randy Schuster wrote:
> Openssl-users@openssl.org,
>
> Been trying to get this working for a long time and don't seem to be making
> progress.
>
>
> banana >openssl s_client -connect iguscert.globalpay.com:443
> CONNECTED(0003)
> depth=1 /O=VeriSign Trust Network/OU=V
On 8/28/06, Milan Tomic <[EMAIL PROTECTED]> wrote:
While atempting to establish SSL connection I got this OpenSSL error:
Certificate Verification: Error (20): unable to get local issuer
certificate
[...]
One of the possible reasons for this error is that the server cert is
signed by an inter
Hi
I am not sure about the kind of cert u are having problem with. Is
this some standard cert of some site (than pass on the URL) or if some
internal site, than please check that complete chain is present in the
IE CA list. Also, the CA cert should be installed in the Trusted root
certs lists in
On 7/3/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
On Mon, Jul 03, 2006, snacktime wrote:
> Well I figured out what's happening. The reason windows was
> complaining about the certificate is that the subjectkeyidentifier was
> getting set to the same value as authoritykeyidentifier. Fire
On Mon, Jul 03, 2006, snacktime wrote:
> Well I figured out what's happening. The reason windows was
> complaining about the certificate is that the subjectkeyidentifier was
> getting set to the same value as authoritykeyidentifier. Firefox
> didn't pick up on this, but windows did.I was cre
Well I figured out what's happening. The reason windows was
complaining about the certificate is that the subjectkeyidentifier was
getting set to the same value as authoritykeyidentifier. Firefox
didn't pick up on this, but windows did.I was creating the
subjectkeyidentifier before the subje
On 7/2/06, snacktime <[EMAIL PROTECTED]> wrote:
> If you are getting odd behaviour there are a couple of possibilities. If the
> certificate database is corrupted that could cause this. Another possibility
> is that the issuer name and serial number is identical for two distinct
> certificates: t
If you are getting odd behaviour there are a couple of possibilities. If the
certificate database is corrupted that could cause this. Another possibility
is that the issuer name and serial number is identical for two distinct
certificates: that is a violation of the standards.
MSIE can tolerate s
On Sun, Jul 02, 2006, snacktime wrote:
> On 7/2/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
> >On Sun, Jul 02, 2006, snacktime wrote:
> >
> >> Oops, you will also need this cert in the ca chain. The client cert
> >> that does verify was issued by this cert, which was issued by the
> >> root
On 7/2/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
On Sun, Jul 02, 2006, snacktime wrote:
> Oops, you will also need this cert in the ca chain. The client cert
> that does verify was issued by this cert, which was issued by the
> root. The one I gave you that does not verify was issued b
On Sun, Jul 02, 2006, snacktime wrote:
> Oops, you will also need this cert in the ca chain. The client cert
> that does verify was issued by this cert, which was issued by the
> root. The one I gave you that does not verify was issued by the root
> ca directly.
>
>
That's your problem then.
Oops, you will also need this cert in the ca chain. The client cert
that does verify was issued by this cert, which was issued by the
root. The one I gave you that does not verify was issued by the root
ca directly.
I think there is something wrong with my ca certs, because when I
create a new
On 7/2/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
On Sun, Jul 02, 2006, snacktime wrote:
>
> openssl verify -CAfile chain.pem test.cer
> test.cer: /CN=test/OU=test/O=test/ST=test/emailAddress=test/C=test
> error 20 at 0 depth lookup:unable to get local issuer certificate
>
That means it
On Sun, Jul 02, 2006, snacktime wrote:
>
> openssl verify -CAfile chain.pem test.cer
> test.cer: /CN=test/OU=test/O=test/ST=test/emailAddress=test/C=test
> error 20 at 0 depth lookup:unable to get local issuer certificate
>
That means it can't find the CA that signed test.csr. That could be bec
On Tue, Jul 17, 2001 at 02:45:57PM +1000, Damitha Bogahawatta wrote:
> openssl req -new -newkey rsa:512 -md5 -x09 -keyout cakey.pem -out
> cacert.pem
>
> Then created server and client certificates and signed them using CA's
> private key. But when I use these certificates I am getting three erro
># openssl x509 -hash -noout -in airrp.pem
>c89aa68b
It was a typo in the example given above. The input file was actually
called "mycert.pem", not "airrp.pem" as submitted earlier in the last
message. I didn't generate wrong hash of a different certificate :-)
The same problem still persists.
25 matches
Mail list logo
