on 6/6/02 9:45 AM, [EMAIL PROTECTED] purportedly said: > Hi. > > When using the net_ssl_test script I get this error: > WEB SITE: www.nwoasis.org:443 > CIPHER: RC4-MD5 > THIS IS: /C=US/O=BONNEVILLE POWER ADMINISTRATION/OU=BONNEVILLE POWER > ADMINISTRATION/CN=www.nwoasis.org > CERTIFIED BY: /C=US/O=Digital Signature Trust Co./OU=TrustID > Server/CN=TrustID Server CA A5 > > #!/usr/bin/ksh > export HTTPS_CA_FILE='./dt_ca.crt'; > export HTTPS_CA_DIR='.'; > export HOST='https://www.nwoasis.org'; > ./net_ssl_test -cert=./dt_cl.crt -key=./dt.key -d GET $HOST > > SSL_connect:error in SSLv3 read server certificate B > SSL_connect:before/connect initialization > SSL_connect:SSLv2 write client hello A > SSL_connect:error in SSLv2 read server hello B > == FAILED TO CONNECT == > Error: SSL negotiation failed: error:1407E086:SSL > routines:SSL2_SET_CERTIFICATE:certificate verify failed at > /usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris/Net/SSL.pm line 215. > ; at /usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris/Net/SSL.pm line 146.
If I understand the process correctly, you must have the proper CA file for the particular CA, in this case "Digital Signature Trust Co.". If you are not acting as your own CA, you need to download the proper root CA from the certificate vendor. Keary Suska (719) 473-6431 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
