SSL CERT Verification

Mon, 11 Apr 2016 00:02:27 -0700 

Hello Team,

While establishing connection for https protocol , facing the issue with 
certification although ca bundle have cert required.
It's happening only in customer environment.  Whereas all test machines are 
able to successfully verify the certificate.

Root Certificate required is Entrust Root Certification Authority - G2 and it 
does present in CA bundle provided. CA Bundle used in both machines is same.
Is there any reason its failing only in specific environment though CA bundle 
is same?

Cert hierarchy:

[cid:[email protected]]


Curl trace between succeeded one and failed one. Could you please help here?

Success one:

1528  da4   04/11 06:42:18 ### Public: == cURL Info: SSL: created a context.
1528  da4   04/11 06:42:18 ### Public: == cURL Info: successfully set 
certificate verify locations:
1528  da4   04/11 06:42:18 ### Public: == cURL Info:   CAfile: D:\Program 
Files\Commvault\ContentStore\Base\curl-ca-bundle.crt
  CApath: none
1528  da4   04/11 06:42:18 ### Public: == cURL Info: SSLv3, TLS handshake, 
Client hello (1):
1528  da4   04/11 06:42:18 ### Public: == cURL Info: SSLv3, TLS handshake, 
Server hello (2):
1528  da4   04/11 06:42:18 ### Public: == cURL Info: SSLv3, TLS handshake, CERT 
(11):
1528  da4   04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS handshake, 
Server key exchange (12):
1528  da4   04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS handshake, 
Server finished (14):
1528  da4   04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS handshake, 
Client key exchange (16):
1528  da4   04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS change cipher, 
Client hello (1):
1528  da4   04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS handshake, 
Finished (20):
1528  da4   04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS change cipher, 
Client hello (1):
1528  da4   04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS handshake, 
Finished (20):
1528  da4   04/11 06:42:19 ### Public: == cURL Info: SSL connection using 
ECDHE-RSA-AES256-SHA384
1528  da4   04/11 06:42:19 ### Public: == cURL Info: Server certificate:
1528  da4   04/11 06:42:19 ### Public: == cURL Info:           subject: C=US; 
ST=New Jersey; L=Oceanport; O=Commvault Systems; CN=*.commvault.com
1528  da4   04/11 06:42:19 ### Public: == cURL Info:           start date: 
2015-05-27 14:30:01 GMT
1528  da4   04/11 06:42:19 ### Public: == cURL Info:           expire date: 
2018-07-25 22:34:19 GMT
1528  da4   04/11 06:42:19 ### Public: == cURL Info:           subjectAltName: 
edc.commvault.com matched
1528  da4   04/11 06:42:19 ### Public: == cURL Info:           issuer: C=US; 
O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. 
- for authorized use only; CN=Entrust Certification Authority - L1K
1528  da4   04/11 06:42:19 ### Public: == cURL Info:           SSL certificate 
verify ok.

Failed one:

8584  1d74  04/07 09:42:06 ### Public: == cURL Info: SSL: created a context.
8584  1d74  04/07 09:42:06 ### Public: == cURL Info: successfully set 
certificate verify locations:
8584  1d74  04/07 09:42:06 ### Public: == cURL Info:   CAfile: R:\Program 
Files\CommVault\Simpana\Base\curl-ca-bundle.crt  -> This file does have Entrust 
Root Certification Authority - G2.
  CApath: none
8584  1d74  04/07 09:42:06 ### Public: == cURL Info: SSLv3, TLS handshake, 
Client hello (1):
8584  1d74  04/07 09:42:06 ### Public: == cURL Info: SSLv3, TLS handshake, 
Server hello (2):
8584  1d74  04/07 09:42:06 ### Public: == cURL Info: SSLv3, TLS handshake, CERT 
(11):
8584  1d74  04/07 09:42:06 ### Public: == cURL Info: SSLv3, TLS alert, Server 
hello (2):
8584  1d74  04/07 09:42:06 ### Public: == cURL Info: SSL certificate problem, 
verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify 
failed
8584  1d74  04/07 09:42:06 ### Public: == cURL Info: Closing connection #0
8584  1d74  04/07 09:42:06 ### Public: == cURL Info: SSLv3, TLS alert, Client 
hello (1):

Thanks,
Sasikala Raju.



***************************Legal Disclaimer***************************
"This communication may contain confidential and privileged material for the
sole use of the intended recipient. Any unauthorized review, use or distribution
by others is strictly prohibited. If you have received the message by mistake,
please advise the sender by reply email and delete the message. Thank you."
**********************************************************************
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:  https://curl.haxx.se/mail/etiquette.html

Reply via email to