I tried to connect to a server using s_client command .but i get an
error stating
" unable to get local issuer certificate" & also
it gives certificate not trusted "
how to overcome this errors
C:\OpenSSL\bin>openssl s_client -connect gmail.com:443 -verify 3 -cert newcert.p
em -key newkey.pem -CAfile cacert.pem -state
verify depth is 3
Enter pass phrase for newkey.pem:
Loading 'screen' into random state - done
CONNECTED(000002D4)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDIjCCAougAwIBAgIQeGJdG+ZuLrAZgPwP49qYUTANBgkqhkiG9w0BAQUFADBM
MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0wNzA1MDMxNTM0NThaFw0w
ODA1MTUxNzI0MDFaMGkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKEwpHb29nbGUgSW5jMRgw
FgYDVQQDEw9tYWlsLmdvb2dsZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBAMnUudLUhHv3cpy0A47K38oOYK9CeH93UMzH1QA/FYwwhRrcEkQjwSrddNqF
RLBJMv+KWKFbMbTzMSR69VQCJJ26cKSOg95hhuIsRf6Y8MRfynWK4nfun8ubF8If
LfISfrzTX8/nw8jmtL0zaNNSCZWs6UNzptkK085tRO2KoeZ5AgMBAAGjgecwgeQw
KAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUFBwMCBglghkgBhvhCBAEwNgYDVR0f
BC8wLTAroCmgJ4YlaHR0cDovL2NybC50aGF3dGUuY29tL1RoYXd0ZVNHQ0NBLmNy
bDByBggrBgEFBQcBAQRmMGQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0
ZS5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0
b3J5L1RoYXd0ZV9TR0NfQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEF
BQADgYEA1JrSolCBCddemVIF/FzhGsN1eTFA0JwgzL+D4u65Ua+PeqzMnrG08+rQ
OwzgNZPI6ld6IxVCQ2GkDU8VURk30vU26WucB+ImS+pC3ENSSmliB6U1CScu2QL4
A1p1sGdz+bOeovdw2XAOrQYMMCXT0hJZ++bTUhrijxqkaSdRePU=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=mail.google.com
issuer=/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SGC CA
---
No client certificate CA names sent
---
SSL handshake has read 1778 bytes and written 322 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 78B1A16CBC8BFA005701E93ABC140387DEEC3CB62CB4396265BB4CD6490A9FEE
Session-ID-ctx:
Master-Key: 55DF03F5380E46145D0673EB66A82201810AC9E4CA82A7BD8E4DA4CCE34AB589
C9C79C560951DFF731B26A537A43DC11
Key-Arg : None
Start Time: 1201860116
Timeout : 300 (sec)
Verify return code: 27 (certificate not trusted)
---
read:errno=0
SSL3 alert write:warning:close notify
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
