> On Jan 25, 2018, at 4:59 AM, Oleg Smelkoff wrote:
>
> As I tought, reason of that problem was incorrect AKID of EE-certificate,
> cause AKID has to identify the issuer of the issuer,
That is indeed the problem, but your statement above is not accurate.
In the AKID extension the following rul
ith CApath or CAfile (it
doesn't matter)
A.crt -> B.crt -> C1.crt -> D1.crt - works
A.crt -> B.crt -> C2.crt -> D2.crt - doesn't work (error 20 at 0 depth
lookup:unable to get local issuer certificate)
Please, pay attention that first two certificates in chain are the sa
> From: owner-openssl-us...@openssl.org On Behalf Of Yvonne Wambui
> Sent: Friday, January 10, 2014 01:44
> thanks dave and martin. with all that information i think i should start
the process again.
> Do you have some materials that have step by step process of configuring
two way connections
I
thanks dave and martin. with all that information i think i should start
the process again. Do you have some materials that have step by step
process of configuring two way connections
On Fri, Jan 10, 2014 at 7:30 AM, Dave Thompson wrote:
> > From: owner-openssl-users On Behalf Of Martin Hecht
>
> From: owner-openssl-users On Behalf Of Martin Hecht
> Sent: Thursday, January 09, 2014 11:54
Generally good explanation, but a few quibbles:
> I don't know what exactly you are doing, so it is difficult to speculate
> why you are receiving code 19.
>
> Some information is exchanged during esta
I don't know what exactly you are doing, so it is difficult to speculate
why you are receiving code 19.
Some information is exchanged during establishment of the ssl
connection. For example if you have a web server and a browser, the web
server shows the host certificate to the browser and the br
could you please explain the last reason.
On Thu, Jan 9, 2014 at 3:38 PM, Martin Hecht wrote:
> X509_V_OK would be code 0
> 19 means that the CA certificate could be found, the chain could be
> built and verified completely up to the CA certificate but the latter is
> not trusted. (see http://
X509_V_OK would be code 0
19 means that the CA certificate could be found, the chain could be
built and verified completely up to the CA certificate but the latter is
not trusted. (see http://www.openssl.org/docs/apps/verify.html)
ah, for some things to work correctly, the file name must be the su
thanks martin. i made the changes and now im getting
Verify return code: 19 (self signed certificate in certificate chain)
is this ok, or i need code 0
On Thu, Jan 9, 2014 at 1:33 PM, Martin Hecht wrote:
> I was thinking about manual verification of certificates on the command
> line. From wha
I was thinking about manual verification of certificates on the command
line. From what you wrote now, it seems that you are using some calls to
the openssl library in a client-server application, maybe via other
tools/webserver or so, and I understand that the server certificate was
issued by a di
thanks martin, your response shade some light and i can now understand what
im doing. Im trying to create a two way ssl connection, the problem when
verifying the connection to the server, its using my RootCA instead of the
server, hence throwing verification error 19. would you please advise on
wh
On 08.01.2014 15:32, Yvonne Wambui wrote:
> i get this error when verifing a non-self signed certificate. how do i make
> it not point to the rootCA
>
It makes no sense to verify a non-self signed certificate without the
rootCA certificate. To verify such a certificate you have to provide the
certi
i get this error when verifing a non-self signed certificate. how do i make
it not point to the rootCA
/openssl verify /gives
following error:
*# openssl verify -CAfile ca.pem -untrusted cert1.pem cert2.pem
last.pem*
cert2.pem: OK
last.pem: /C=IN/O=Xyz/OU=CableLabs Key Distribution
Center/CN=kdc.xyz.com <http://kdc.xyz.com>
error 20 at 0 depth lookup:unable to get loca
m*
> cert2.pem: OK
> last.pem: /C=IN/O=Xyz/OU=CableLabs Key Distribution Center/CN=kdc.xyz.com
> error 20 at 0 depth lookup:unable to get local issuer certificate
>
> The Subject and Issuer names in certificates are correct. Please let me
> know the cause of error and changes required in the certificate hierarchy.
>
> Regards,
> Vinay
>
>
tion Center/CN=kdc.xyz.com
error 20 at 0 depth lookup:unable to get local issuer certificate
The Subject and Issuer names in certificates are correct. Please let me
know the cause of error and changes required in the certificate hierarchy.
Regards,
Vinay
On Thu, Aug 26, 2010, Toms Tormo wrote:
>>
>> Firstly thank you for the extensive debug information
> No!! Thank you very much for your quick answer/reply!!
>
>> Specifically the authority key identifier of the EE certificate is
>> incorrectly
>> set, though it is set correctly for other certific
with "error 20 at 0 depth lookup:unable to get local
issuer certificate error" (I tried everything...)
>
> Firstly thank you for the extensive debug information
No!! Thank you very much for your quick answer/reply!!
> Specifically the authority key identifier of the EE certif
Firstly thank you for the extensive debug information
No!! Thank you very much for your quick answer/reply!!
Specifically the authority key identifier of the EE certificate is incorrectly
set, though it is set correctly for other certificates in the chain.
I've been checking the Authority ke
On Wed, Aug 25, 2010, Toms Tormo wrote:
>
> Honestly, I have no idea what I'm doing wrong.. I've checked all the
> requirements OpenSSL needs and the certificates fulfill them all...
>
> Could you please help me? I'm getting desperate...
>
Firstly thank you for the extensive debug information, al
96588742N/GN=prueba/1.3.6.1.4.1.17326.30.2=CIF/1.3.6.1.4.1.17326.30.3=B/O=demo/OU=demo/CN=prueba
indenova1808/title=demo/description=RACER: Natural Person RACER-PF-1.1.1
*error 20 at 0 depth lookup:unable to get local issuer certificate*/
From this error, I understand that OpenSSL isn't able to
Hi all!
How about this meaning?
when I use CA.sh -newreq create a new certificate, and use CA.sh -sign to
sign this caertificate, after that , CA.sh -verify to check this cert, and
the error like this:
error 20 at 0 depth lookup:unable to get local issuer certificate
Best
Hi all,
I have created the server and client certificates. But while doing
openssl verify -CAfile ca.crt server.crt, is is giving following
error.So what is the reason for this?.
server.crt: /C=IN/ST=BANGALORE/O=Kalki Communication Technologies/CN=server
error 20 at 0 depth lookup:unable
On Thu, Nov 25, 2004, Frédéric PAILLETTE wrote:
> Florin Angelescu wrote:
>
> >hello
> >i have build openldap with openssl support
> >and when a client try to connect i got :
> >
> >
> >TLS certificate verification: depth: 1, err: 19,
> >subject:
> >/C=BE/ST=BELGIUM/L=BRUSSELS/O=CAAMI_CA/OU=CC
Florin Angelescu wrote:
hello
i have build openldap with openssl support
and when a client try to connect i got :
TLS certificate verification: depth: 1, err: 19,
subject: /C=BE/ST=BELGIUM/L=BRUSSELS/O=CAAMI_CA/OU=CCI/CN=CAAMI_CA/[EMAIL PROTECTED],
issuer: /C=BE/ST=BELGIUM/L=BRUSSELS/O=CAAMI_C
hello
i have build openldap with openssl support
and when a client try to connect i got :
TLS certificate verification: depth: 1, err: 19,
subject: /C=BE/ST=BELGIUM/L=BRUSSELS/O=CAAMI_CA/OU=CCI/CN=CAAMI_CA/[EMAIL
PROTECTED],
issuer: /C=BE/ST=BELGIUM/L=BRUSSELS/O=CAAMI_CA/OU=CCI/CN=CAAMI_CA/[
Dear Group
I create a certificate from programming But when I
want to verify it openssl verify function say "error
20 at 0 depth lookup:unable to get local issuer
certificate"
What the probelm?
When I create a certificate by openssl comman It can
be verifid.
All ca certificates are in
rify error: unable to get local issuer certificate
SSL verify error: certificate not trusted
SSL verify error: unable to verify the first certificate
When I try openssl validate I get:
pelle: /C=AU/ST=QLD/O=Mincom Pty. Ltd./OU=\x09/CN=PelleMell
error 20 at 0 depth loo
28 matches
Mail list logo
