Vincenzo Ciaschini wrote:
Tom Scavo wrote:
On Wed, Feb 25, 2009 at 10:23 AM, Andrea Turli <[email protected]>
wrote:
This command also
openssl s_client -connect localhost:443
doesn't work
This is the stacktrace I can see:
CONNECTED(00000003)
depth=0 /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it
verify error:num=21:unable to verify the first certificate
verify return:1
20978:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad
certificate:s3_pkt.c:1046:SSL alert number 42
20978:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:
This error trace seem to hint to the fact that OpenSSL could not find
the CA certificate of the grids16.eng.it host cert in the CA store. What
is the default value of -CApath when one does not specify it?
It is '/certs'. I assume you do not have it, right?
Are you
sure you have the CA certificate installed?
Ciao,
Vincenzo
