Hi,
On 30/06/21 15:22, Paulo Wollny wrote:
Hi,
thank you for the answer.
can you please point the right direction for solution, please?
try
http://httpd.apache.org/userslist.html
Regarding the "look suspicious - it means your client is connecting
from 127.0.0.1 and your server is also li
Hi,
thank you for the answer.
can you please point the right direction for solution, please?
Regarding the "look suspicious - it means your client is connecting from
127.0.0.1 and your server is also listening on 127.0.0.1 ; is this
really what you have in mind? " i'm testin on my local syst
Hi,
On 30/06/21 00:23, Paulo Wollny wrote:
Dear @ll
My environment:
OpenSSL 1.1.1f 31 Mar 2020
Ubuntu 20.04
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2021-06-17T18:27:53
My problem:
connecting to a secure server requiring client certificate, i get the
following error when pr
Dear @ll
My environment:
OpenSSL 1.1.1f 31 Mar 2020
Ubuntu 20.04
Server version: Apache/2.4.41 (Ubuntu)
Server built: 2021-06-17T18:27:53
My problem:
connecting to a secure server requiring client certificate, i get the
following error when presenting my certificate:
ERR_BAD_SSL_CLIENT
> On Jan 25, 2018, at 4:59 AM, Oleg Smelkoff wrote:
>
> As I tought, reason of that problem was incorrect AKID of EE-certificate,
> cause AKID has to identify the issuer of the issuer,
That is indeed the problem, but your statement above is not accurate.
In the AKID extension the following rul
Hi All!
I've encountered same problem such in this topic:
http://openssl.6102.n7.nabble.com/Getting-crazy-with-quot-error-20-at-0-depth-lookup-unable-to-get-local-issuer-certificate-error-quot-td21109.html#none
but it wasn't help me
I have 2 chains, and try to verify EE-certificates w
dear all
i have made a client server code the client sends a X509 request and the
server reply the X509 certificate but i have 2 questions
1- did i fill all the attributes of the X509 certificate in this code or not
2- when i compile this code using eclipse i got allot of errors but all are
the s
Thank you for the reply. It is probably obvious that I am new to SSL
programming, and I am modifying some existing code. I will read over your
information and write back if I am still having issues.
Thanks
Derek
On Wed, Oct 10, 2012 at 4:30 AM, Dave Thompson wrote:
> >From: owner-openssl-us...@
>From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole
>Sent: Tuesday, 09 October, 2012 21:12
>I am trying to write a server that will accept an incoming SSL connection.
>In psuedo, I have the following chain of function calls
>SSL_CTX_load_verify_locations(ctx, root
Hello,
I am trying to write a server that will accept an incoming SSL connection.
In psuedo, I have the following chain of function calls
SSL_CTX_load_verify_locations(ctx, root_cert_file, root_cert_dir)
SSL_CTX_use_certificate_chain_file(chain file)
SSK_CTX_use_PrivateKey_file(ch
I just want to wrap up my problem so that others can learn from my
ignorance:
Squid's logs aren't very verbose, so I only got "SSL unknown certificate
error 12" , when it suddenly wouldn't accept my client certificates
anymore.
That's the same error you get when a
I probably shouldn't have posted so hastily.
Now I think that it it more of a squid problem, because if I put stunnel
in front of it, stunnel handels the certificates fine.
pfSense 2.0.1 (FreeBSD 8.1-RELEASE-p6)stunnel-4.35 openssl-1.0.0_5
__
51:56 2022 GMT
client.crt validity
Not Before: Feb 2 16:54:29 2012 GMT
Not After : Jan 30 16:54:29 2022 GMT
Error Message after 02 MAR 2012 17:56 CET:
2012/03/04 17:43:42| SSL unknown certificate error 12 in
/C=DE/ST=NRW/L=Neuss/O=Profil/CN=xxx/emailAddress=xxx
2012/03/
On Thu, Jul 21, 2011, Wang-Martin, Linda wrote:
> Hi,
> I recently got the latest version of OpenSSL (1.0.0) however I now have a
> problem with one of my certificates that I didn't use to have in an older
> version. Specifically, whenever I try to do anything with this particular
> certificate
Hi,
I recently got the latest version of OpenSSL (1.0.0) however I now have a
problem with one of my certificates that I didn't use to have in an older
version. Specifically, whenever I try to do anything with this particular
certificate I run into an:
1472:error:0D0680A8:asn1 encoding routines:
On Thu, Aug 26, 2010, Toms Tormo wrote:
>>
>> Firstly thank you for the extensive debug information
> No!! Thank you very much for your quick answer/reply!!
>
>> Specifically the authority key identifier of the EE certificate is
>> incorrectly
>> set, though it is set correctly for other certific
with "error 20 at 0 depth lookup:unable to get local
issuer certificate error" (I tried everything...)
>
> Firstly thank you for the extensive debug information
No!! Thank you very much for your quick answer/reply!!
> Specifically the authority key identifier of the EE certif
Firstly thank you for the extensive debug information
No!! Thank you very much for your quick answer/reply!!
Specifically the authority key identifier of the EE certificate is incorrectly
set, though it is set correctly for other certificates in the chain.
I've been checking the Authority ke
On Wed, Aug 25, 2010, Toms Tormo wrote:
>
> Honestly, I have no idea what I'm doing wrong.. I've checked all the
> requirements OpenSSL needs and the certificates fulfill them all...
>
> Could you please help me? I'm getting desperate...
>
Firstly thank you for the extensive debug information, al
Greetings
I'm are trying to configure apache with client authentication using some
commercial certificates, but we are getting troubles with it. In Apache
logs we can see the following error *Certificate Verification: Error
(20): unable to get local issuer certificate*
I tried to verify the
to ask the CA
why it's returning 'unknown status'. The 'unable to get local issuer
certificate' error will go away.
You must coordinate with the CA. Otherwise, you're not going to get an
interoperable cert.
-Kyle H
smime.p7s
Description: S/MIME Cryptographic Signature
> error:unable to get local issuer certificate) ERROR
>
> On Thu, Jul 15, 2010, Luis Neves wrote:
>
> >
> > openssl ocsp -issuer /etc/pki/tls/certs/CC0001.pem -cert
> > /home/oracle/lneves.pem -url
> > http://ocsp.root.cartaodecidadao.pt/publico/ocs
om: st...@openssl.org
> To: openssl-users@openssl.org
> Subject: Re: OCSP_basic_verify:certificate verify error (Verify
> error:unable to get local issuer certificate) ERROR
>
> On Thu, Jul 15, 2010, Luis Neves wrote:
>
> >
> > openssl ocsp -issuer /etc/pki/t
utines:OCSP_basic_verify:certificate verify
> error:ocsp_vfy.c:122:Verify error:unable to get local issuer certificate
> /home/oracle/lneves.pem: unknown
> This Update: Jul 15 11:16:16 2010 GMT
>
>
>
> the "Cert Status: unknown" status is due to the "u
verify
error:ocsp_vfy.c:122:Verify error:unable to get local issuer certificate
/home/oracle/lneves.pem: unknown
This Update: Jul 15 11:16:16 2010 GMT
the "Cert Status: unknown" status is due to the "unable to get local issuer
certificate&quo
Hi,
Can someone help me on this error?
Im using apache 2.3 and trying to configure OCSP to validate client
cerificates, but Is not working, and theres this errors on apache error_log:
It seems that Apache is not trusting the OCSP responder response, is that true?
Why not?. what I am doing w
Thanks Ted, Suresh, and Marek for your help! I'm back on the
merry-go-round again.
-- larry
Lawrence L. Rose
190 Park Avenue
Daytona Development
Florham Park, NJ 07932
AT&T Labs - Research
Hello,
> $ openssl s_client -cert solar_client.pem -CAfile private/root.pem
> Enter pass phrase for solar_client.pem:
> CONNECTED(0003)
> depth=0 /C=US/ST=NJ/L=Florham Park/O=AT&T
> Research/CN=solarium.research.att.com
> verify error:num=20:unable to get local issuer certificate
> verify retu
Ted:
Thanks for the s_server/s_client suggestion. Here is the complete
output. The server appears to be ok but not the client???
$ openssl x509 -subject -issuer -dates -noout -in client.pem
subject= /C=US/ST=NJ/L=Florham Park/O=AT&T Labs -
Research/CN=solarium.research.att.com
issuer= /C=
Hi,
are you sure that you have replaced the new root.pem on the client side,
and put new server CERTIFICATE and new PRIVATE KEY pair on the server
side?
- Suresh
On Sun, 28 May 2006 22:21:22 -0400
Lawrence Rose <[EMAIL PROTECTED]> wrote:
> Hi:
>
> I setup the four openSSL examples in Viega et
Lawrence Rose wrote:
Hi:
I setup the four openSSL examples in Viega et al with certs and ran
fine until the 30 day certs expired. Now after I cut a new root.pem
and sereverCA.pem I cannot pass certificate verification. Where have
I gone wrong?
I've tried everything these past several days
Hi:
I setup the four openSSL examples in Viega et al with certs and ran
fine until the 30 day certs expired. Now after I cut a new root.pem
and sereverCA.pem I cannot pass certificate verification. Where have I
gone wrong?
I've tried everything these past several days altering the cnf,
recu
Title: Verify Client Certificate Error
Hello all,
I installed a apache+mod_ssl+openSSL server, but it can't verify my client certificate.
The server log is
[01/Aug/2002 15:29:21 27838] [trace] Certificate Verification: depth: 1, subject
: /CN=ChinaPay Publish System, issuer: /C=
Ramkumar Venketaramani wrote:
>
> Hi,
>
> I am trying to verify a server cert that is signed by a Intermediate CA
> (like Verisign International Server CA) but am getting a "Invalid
> Certificate" error. I understand from the mailing list that this is a know
Hi,
I am trying to verify a server cert that is signed by a Intermediate CA
(like Verisign International Server CA) but am getting a "Invalid
Certificate" error. I understand from the mailing list that this is a known
issue and there is a fix for this problem (the extended key
Thanks, that fixed it. Guess the error code threw me off...
-Brandon
-Original Message-
From: Dr S N Henson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 13, 2000 5:19 PM
To: [EMAIL PROTECTED]
Subject: Re: invalid CA certificate error in server cert verification.
"
"Kane, Brandon (NJAOST)" wrote:
>
> I'm trying to verify a server certificate, as part of a cert chain. One of
> the CA certs, a verisign intermediate cert, fails in the verify process. I'm
> getting a "invalid CA certificate" error in the callback fun
37 matches
Mail list logo
