I don't know if this will answer you're questions but I've tried these three commands:
$ openssl verify -CApath /etc/grid-security/certificates -purpose sslclient ~/.globus/usercert.pem /home/turli/.globus/usercert.pem: OK $ openssl verify -CApath /etc/grid-security/certificates -purpose sslclient /etc/grid-security/containercert.pem /etc/grid-security/containercert.pem: OK $ openssl verify -purpose sslclient /etc/grid-security/containercert.pem /etc/grid-security/containercert.pem: /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it error 20 at 0 depth lookup:unable to get local issuer certificate Wnat could be the solution? Andrea On Thu, Feb 26, 2009 at 11:35 AM, Vincenzo Ciaschini <[email protected]> wrote: > Vincenzo Ciaschini wrote: >> >> Tom Scavo wrote: >>> >>> On Wed, Feb 25, 2009 at 10:23 AM, Andrea Turli <[email protected]> >>> wrote: >>>> >>>> This command also >>>> >>>> openssl s_client -connect localhost:443 >>>> >>>> doesn't work >>>> >>>> This is the stacktrace I can see: >>>> CONNECTED(00000003) >>>> depth=0 /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it >>>> verify error:num=20:unable to get local issuer certificate >>>> verify return:1 >>>> depth=0 /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it >>>> verify error:num=27:certificate not trusted >>>> verify return:1 >>>> depth=0 /C=IT/O=INFN/OU=Host/L=ENGINEERING RDLAB/CN=grids16.eng.it >>>> verify error:num=21:unable to verify the first certificate >>>> verify return:1 >>>> 20978:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad >>>> certificate:s3_pkt.c:1046:SSL alert number 42 >>>> 20978:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake >>>> failure:s23_lib.c:226: >> >> This error trace seem to hint to the fact that OpenSSL could not find the >> CA certificate of the grids16.eng.it host cert in the CA store. What is the >> default value of -CApath when one does not specify it? > > It is '/certs'. I assume you do not have it, right? > >> Are you sure you have the CA certificate installed? > > Ciao, > Vincenzo > > >
