Venkatesha, Ashalatha wrote:
>
> Steve,
>
> Thanks for your early reply.
>
> I did as you mentioned and my server is working fine. But i have one more
> problem.
>
> When i try to connect from client as
> telnet -z ssl -z cert=newfile.pem server port
>
> It gives the following error
> VERIFY ERROR: depth=0 error=unable to get local issuer certificate:
>
> Please can anyone tell me what all to be set when calling the function
> SSL_CTX_load_verify_locations(ctx, file, path)
> file which i am using is cacert.pem(generated with command: openssl pkcs12
> -in file.p12 -out cacerts.pem -cacerts -nokeys)
> path which i am using is mytrusted. But since i am using the certificate
> from CS, i do not know what file to be present in this path.
>
> >From the openssl i found that there is file called hash.O present. Can
> anyone tell me how do i generate this file for the certificate got from CS.
> Is this the cause for above error(i think)?
>
You need to include your "trusted certificates" either joined together
in one file or in a directory.
These will consist of your client CA certificate(s) and the server CA
certificate(s). If they are all in a file then it should just work.
If they are in a directory you need to do c_rehash <dir> to create the
<hash>.0 links.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
