At 05:34 AM 10/5/2006, Dr. Stephen Henson wrote:
On Thu, Oct 05, 2006, Dan O'Reilly wrote:

> At 12:48 AM 10/5/2006, Bernhard Froehlich wrote:
> >Dan O'Reilly wrote:
> >>Trying to test certs before moving on to LDAP tests.  The certs were
> >>obtained from a CA running on a MS box.  Here's what happens:
> >>
> >>openssl s_client  -connect adtest:636 -cert foo.pem "-CAfile" homeca_cert_chain.p7b

The above command is the problem. You can't use a PKCS#7 (.p7b) file directly
in the -CAfile command.

>
> openssl pkcs7 -inform der -in homeca_cert_chain.p7b -noout -print_certs
> -text

Use the above command to save the certificate to a PEM file. For example
home_ca.pem and use that file for the -CAfile.

It doesn't change anything.  Same error.

 openssl s_client  -connect adtest:636 "-CAfile" homeca_cert_chain.pem
CONNECTED(00000003)
depth=0 /CN=adtest.altdomain2000.psccos.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /CN=adtest.altdomain2000.psccos.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /CN=adtest.altdomain2000.psccos.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=adtest.altdomain2000.psccos.com
   i:/C=US/ST=CO/L=Colorado Springs/O=Process Software/CN=homeca


        <snip>


Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]

------
+-------------------------------+----------------------------------------+
| Dan O'Reilly                  |  "There are 10 types of people in this |
| Principal Engineer            |   world: those who understand binary   |
| Process Software              |   and those who don't."                |
| http://www.process.com        |                                        |
+-------------------------------+----------------------------------------+
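
The PKCS#7-to-PEM conversion discussed in this thread, as an added example that is not part of the original messages: it builds a throwaway CA and leaf certificate (all file names and subject names are constructed), shows that a DER `.p7b` is rejected as `-CAfile`, and that the PEM extracted from it is accepted. `-noout` is left out of the conversion because `-CAfile` needs the PEM blocks in the output.

```shell
#!/bin/sh
# Added example: constructed throwaway CA and leaf, not the poster's real certs.
# All file names and subject names below are hypothetical.

make_fixture() {   # $1 = working directory
    d=$1
    # Self-signed CA (assumes the default openssl.cnf, which marks it CA:TRUE).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=homeca-example" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Leaf certificate signed by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=adtest.example" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null || return 1
    # Package the CA as a DER PKCS#7 bundle, like a .p7b exported from a CA.
    openssl crl2pkcs7 -nocrl -certfile "$d/ca.pem" \
        -outform DER -out "$d/chain.p7b"
}

p7b_to_pem() {     # $1 = DER .p7b in, $2 = PEM out
    # -print_certs without -noout writes each certificate as a PEM block.
    openssl pkcs7 -inform DER -in "$1" -print_certs -out "$2"
}

count_certs() {    # number of PEM certificate blocks in $1
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

verify_with() {    # $1 = file passed to -CAfile, $2 = certificate to check
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_fixture "$d" || return 1
    verify_with "$d/chain.p7b" "$d/leaf.pem" && echo "p7b: OK" || echo "p7b: rejected"
    p7b_to_pem "$d/chain.p7b" "$d/ca_from_p7b.pem"
    echo "PEM blocks: $(count_certs "$d/ca_from_p7b.pem")"
    verify_with "$d/ca_from_p7b.pem" "$d/leaf.pem" && echo "pem: OK" || echo "pem: rejected"
    rm -rf "$d"
}

demo
```

If the count of PEM blocks in the converted file is zero, `-CAfile` has nothing to load and verification fails the same way as with the raw `.p7b`.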

