Re: [onap-discuss] How to integrate ONAP-DCAE with Acumos ? #honolulu

Tue, 29 Mar 2022 06:15:23 -0700 

Hi Shabnam,

We are using self-signed certificate and when i'm trying to use openssl to 
connect, i'm getting the following error: verify error:num=20:unable to get 
local issuer certificate.
Could you provide any tutorial or documentation that clarify how to generate 
this client certs ?

Full lgs in attachment


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#23962): https://lists.onap.org/g/onap-discuss/message/23962
Mute This Topic: https://lists.onap.org/mt/89996363/21656
Mute #honolulu:https://lists.onap.org/g/onap-discuss/mutehashtag/honolulu
Group Owner: [email protected]
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-



CONNECTED(00000005)
depth=0 C = US, ST = Unspecified, L = Unspecified, O = acumos, OU = acumos, CN 
= acumos
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = Unspecified, L = Unspecified, O = acumos, OU = acumos, CN 
= acumos
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:C = US, ST = Unspecified, L = Unspecified, O = acumos, OU = acumos, CN = 
acumos
   i:C = US, ST = Unspecified, L = Unspecified, O = acumos, OU = acumos, CN = 
acumos
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF6zCCA9OgAwIBAgIUWYFzkjz6o4hyAKBYyDdQbdugN44wDQYJKoZIhvcNAQEL
BQAwbDELMAkGA1UEBhMCVVMxFDASBgNVBAgMC1Vuc3BlY2lmaWVkMRQwEgYDVQQH
DAtVbnNwZWNpZmllZDEPMA0GA1UECgwGYWN1bW9zMQ8wDQYDVQQLDAZhY3Vtb3Mx
DzANBgNVBAMMBmFjdW1vczAeFw0yMjAzMTMwNDQ3MDdaFw0yMzA3MjYwNDQ3MDda
MGwxCzAJBgNVBAYTAlVTMRQwEgYDVQQIDAtVbnNwZWNpZmllZDEUMBIGA1UEBwwL
VW5zcGVjaWZpZWQxDzANBgNVBAoMBmFjdW1vczEPMA0GA1UECwwGYWN1bW9zMQ8w
DQYDVQQDDAZhY3Vtb3MwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC6
Ceohx796Rn2LUcs/PzdlfTRiyP+yxwnrcK5SQ5sftYc2OE9o2QW0WjyTDUk+s+gy
DybJidFm05Z2fl9N577mQiy8pMuieTNowLaqTzI12w4MEk5k2ZCPuL68z6Na7EdY
6Fc71Jn26f6fVVpvLce3sft7tQWfUmcSmI7udvNqdByh3sYBk6Fqyph3ixK65XQw
2aLukWGFzsKkmLcdLa36aTyCNLVeuZzsY+rmcjFssuU9PUsIy6lOfEsSS2B+C74q
rEm8RqhBRpwrXtcDgHtV/tiis+b31b2qkPpprSdiDj2rrg4eLPCsyvE+cGJBWZBK
jAaGZPCOvvNlyEGMNQ4jUdHY7OtgccydchCnjSuW2lQDiBmGKJXlzuiy9YYj8a84
Ze86OqwOwyndEOZWipltdyLalCQ5ItZyNuHtF3PNhtQZYwksK27Ea7nlRJ8x7+DG
wXXl+CJwwiRch/AG0/tj/J0zrwrkJ5YtuzFgoISNqgOYBLb4Q31GhY2u+zvlRH9Y
GoLpzOCYn7tp3zga31axHqoJa/IPJFwxUrbSJ57DYWmizZIItGOH8EzDWQaCq1gA
4pZXf7w8aCkF1ympIQ4JoEJbwLXntR8U3gNSvsehxr2oSaJzn8x34Ylx/6X/y25/
0U9c+GEs5D4/8lIYYqcTSM8HgIrtsP0qA0H+vLbqDwIDAQABo4GEMIGBMCcGA1Ud
EQQgMB6HBMjvXZCCBmFjdW1vc4IGYWN1bW9zggZhY3Vtb3MwHQYDVR0OBBYEFBux
e1c2Q9gLk/QeEbIpC/BvoVWwMB8GA1UdIwQYMBaAFKSuHc2+/ChMLSYZUxgUj0D6
7TwAMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBCwUAA4ICAQAr
HevkB2d1oGBE/u+wvfxaPa4a+8anYPGAY0sevdAIvTwfIEafgeU367dD4sa0jnQ/
faMhw36u66ZLcEKh1gFNLl+11n04CiDmz7Pom6Hwv8k2rtkZqTSVJm8d8anLNDhZ
MXSfidQ2AH/bwxVA5RdZAPc95kWvHR+aZKAhJ2/yEsg4Chn+mevlwfsUMHWMoemx
KvNDCYDWEXKPJWZS5BprnLX236Q0gAaLmLIlGvrGmsWJaDm4FfhgLNsSSTeu94jm
lnal9K9yUO6YDhrOQJiSNw/r16EvHEIj0h401nncILbUAByubAxccVMEMEjhyeGV
6rT0GI9+L6kmMIGnsqo1GLQQTUC1X1u7+J0GkRSoXM0VXqVoiVK1pZ5HhxmEt7/g
+LwOWLOmiOu1PMPO9VUxc98n3I5MFHHeUim26xPXJO2T2VWv2vjIx8AdHIBZeVOa
ScBCX2dF2khscExX2baJwtrK8QaL7s2K0BJN/1Zbu9DU0heMaJ2Tc+6MU82zlQQX
0saD2776SjIXgV5XKhwGQFXf5LiP8g6pDs14SALf7fKE9GRncdgO9VdBSEdYp/bG
lpULOi2JEJfCmevnOGBi2BNnLODyzCOShQGZnWn+vQhpm9FJSSxCEwlCzVtwm4Uk
yx5OU6aWLjqKm607YkMu830JWjEq/3GZZQ+iOVm0Xg==
-----END CERTIFICATE-----
subject=C = US, ST = Unspecified, L = Unspecified, O = acumos, OU = acumos, CN 
= acumos

issuer=C = US, ST = Unspecified, L = Unspecified, O = acumos, OU = acumos, CN = 
acumos

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2534 bytes and written 850 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 4096 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 240BAE2DDB6E475938CBBAC5EE796AED889F1BDA7A3C62FF426DE245D9C1E11F
    Session-ID-ctx: 
    Resumption PSK: 
C66711EE9B05002A87806D826C080D73FC9A2DDE827FDD65F1F166209C967039EDE859CFD244AD0760FF96FB2D1D1AD2
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 86400 (seconds)
    TLS session ticket:
    0000 - 2a ae 5e 09 b9 d3 ac 9e-eb e0 b1 a9 d6 cc e9 3f   *.^............?
    0010 - b3 98 7c f3 90 fa 9f 36-73 fa 59 0a 9c 3e 03 d5   ..|....6s.Y..>..

    Start Time: 1648559589
    Timeout   : 7200 (sec)
    Verify return code: 21 (unable to verify the first certificate)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK

Reply via email to