problem with verifying certificates

Chris Drumgoole Thu, 03 May 2001 13:44:01 -0700
Hi, I am running openssl 0.9.6a on a SunOS2.6 machine.

I installed like so:
./config
make
make test
make install


my problem is, it doesn't seem to be able to verify *any* signed
certificates.

here is an example output from
bin/openssl s_client -host rsaonline.rsasecurity.com -port 443 -showcerts
(I picked rsaonline.... because I would think they would have a valid cert
;-)

output:



CONNECTED(00000004)
depth=0 /C=US/ST=Massachusetts/L=Bedford/O=RSA Security 
Inc./OU=RSAS-WEB-01/OU=Terms of use at www.verisign.com/rpa 
(c)00/CN=rsaonline.rsasecurity.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=Massachusetts/L=Bedford/O=RSA Security
Inc./OU=RSAS-WEB-01/OU=Terms of use at www.verisign.com/rpa 
(c)00/CN=rsaonline.rsasecurity.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=Massachusetts/L=Bedford/O=RSA Security
Inc./OU=RSAS-WEB-01/OU=Terms of use at www.verisign.com/rpa 
(c)00/CN=rsaonline.rsasecurity.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Massachusetts/L=Bedford/O=RSA Security
Inc./OU=RSAS-WEB-01/OU=Terms  of use at www.verisign.com/rpa 
(c)00/CN=rsaonline.rsasecurity.com
   i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=Massachusetts/L=Bedford/O=RSA Security
Inc./OU=RSAS-WEB-01/OU=Terms of use at www.verisign.com/rpa 
(c)00/CN=rsaonline.rsasecurity.com
issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
---
No client certificate CA names sent
---
SSL handshake has read 938 bytes and written 248 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 512 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5

Session-ID: 020000007E424A3D34136D63A38C243A6910211EEA1C39567901AE8A0258D6F5
    Session-ID-ctx:

Master-Key: 
49D9D45A4F2BCC8D464DFA115B4BD12D66F0A00E7ED820A279BEDF4E9D05D7DF9A3F98E5CD134C7BF5FDC7CD2ADEFEE6
    Key-Arg   : None
    Start Time: 988923327
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

as you can see from the section above the Certificate, it says cert not
trusted, etc...

I am wondering if there is something else I need to do??

thank you in advance!

Chris Drumgoole
email administrator
CAEN, COE, Univ. of Michigan


<q

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
problem with verifying certificates

Reply via email to
