Can any one please help me on the below question? Is it because that the rsasecurity server certificate is issued by www.valicert.com and valicert.com trusted root is not available to complete the certificate chain?
Thanks, Ravi. On 1/4/07, ravi shankar <[EMAIL PROTECTED]> wrote:
Hi, We have issues in our openssl application when we try to connect to www.rsasecurity.com:443. In our application, we get the CA certificates corresponding to the webserver, convert them from .der to .pem format, concatenate them and store in a single file. This file is used as the CA certificate when we connect to the webserver. These steps works fine with other webservers, but does not work with rsasecurity site (fails with the error 'unable to get local issuer certificate') Any thought on this issue would be appreciated. Thanks, Ravi. # openssl s_client -connect www.rsasecurity.com:443 -CAfile rsa.pem CONNECTED(00000003) depth=3 /O=RSA Security Inc./CN=RSA Public Root CA v1/emailAddress= [EMAIL PROTECTED] verify error:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain 0 s:/C=US/ST=Massachusetts/L=Bedford/O=RSA Security Inc./OU=Information Services/CN=www.rsasecurity.com i:/O=RSA Security Inc./OU=KCA Services/CN=RSA Corporate Server CA/L=Bedford/ST=Massachusetts/C=US 1 s:/O=RSA Security Inc./OU=KCA Services/CN=RSA Corporate Server CA/L=Bedford/ST=Massachusetts/C=US i:/O=RSA Security Inc./OU=KCA Services/CN=RSA Corporate/L=Bedford/ST=Massachusetts/C=US 2 s:/O=RSA Security Inc./OU=KCA Services/CN=RSA Corporate/L=Bedford/ST=Massachusetts/C=US i:/O=RSA Security Inc./CN=RSA Public Root CA v1/emailAddress= [EMAIL PROTECTED] 3 s:/O=RSA Security Inc./CN=RSA Public Root CA v1/[EMAIL PROTECTED] i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 3 Policy Validation Authority/CN=http://www.valicert.com//[EMAIL PROTECTED] --- Server certificate -----BEGIN CERTIFICATE----- MIIENTCCA56gAwIBAgIRAOqEBDZm7QSDfm0llhnyDIUwDQYJKoZIhvcNAQEFBQAw gYwxGjAYBgNVBAoTEVJTQSBTZWN1cml0eSBJbmMuMRUwEwYDVQQLEwxLQ0EgU2Vy dmljZXMxIDAeBgNVBAMTF1JTQSBDb3Jwb3JhdGUgU2VydmVyIENBMRAwDgYDVQQH EwdCZWRmb3JkMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMQswCQYDVQQGEwJVUzAe Fw0wNjA3MTMyMjIxNThaFw0wODA3MTQyMjIxNTBaMIGQMQswCQYDVQQGEwJVUzEW MBQGA1UECBMNTWFzc2FjaHVzZXR0czEQMA4GA1UEBxMHQmVkZm9yZDEaMBgGA1UE ChMRUlNBIFNlY3VyaXR5IEluYy4xHTAbBgNVBAsTFEluZm9ybWF0aW9uIFNlcnZp Y2VzMRwwGgYDVQQDExN3d3cucnNhc2VjdXJpdHkuY29tMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDy/4taDghmlVVBv70QQGsPPj6x+71xwp7IEa4ZttPeXGuh T/JpZHTVbAjPOimocJgUK5pMgw/o114vx1vkONCd009NfDNfBzknsWvi9BbFKedQ GaVnwcIepddXV68OZvzwMcFWcfkcGw08P7bAmleFC8dKq86jdel1R5s4EnBrkwID AQABo4IBjzCCAYswDgYDVR0PAQH/BAQDAgO4MBEGCWCGSAGG+EIBAQQEAwIGQDAe BgNVHREEFzAVghN3d3cucnNhc2VjdXJpdHkuY29tMB8GA1UdIwQYMBaAFInPTrWg h15+Q3jRmUloB3yEBzNWMIGSBgNVHSAEgYowgYcwgYQGCSqGSIb3DQUHAjB3MC4G CCsGAQUFBwIBFiJodHRwOi8vY2EucnNhc2VjdXJpdHkuY29tL0NQUy5odG1sMEUG CCsGAQUFBwICMDkwGBYRUlNBIFNlY3VyaXR5IEluYy4wAwIBARodQ1BTIEluY29y cG9yYXRlZCBieSByZWZlcmVuY2UwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF BwMCMB0GA1UdDgQWBBQ8VhDHWyyllW0UYG8jogOa2c4FVjBSBgNVHR8ESzBJMEeg RaBDhkFodHRwOi8vY3JsLnJzYXNlY3VyaXR5LmNvbTo4MC9SU0ElMjBDb3Jwb3Jh dGUlMjBTZXJ2ZXIlMjBDQS0yLmNybDANBgkqhkiG9w0BAQUFAAOBgQCvSlV4/CRs VdjvpGtd/sqhqR1dgcdDNmC+ZqTon+anIxe63VK6j/bKlkJ5LIA4ZZZ7hGg3R8tm AeOEgLnB7k76tzq+ArtBKCGbg7J6Dtb+SmwhbBTuakxaDMJYh+VC/8kZcEeWLyZ1 NuvMWG4lQw9sO6w+mklylieweP4gV7naEA== -----END CERTIFICATE----- subject=/C=US/ST=Massachusetts/L=Bedford/O=RSA Security Inc./OU=Information Services/CN=www.rsasecurity.com issuer=/O=RSA Security Inc./OU=KCA Services/CN=RSA Corporate Server CA/L=Bedford/ST=Massachusetts/C=US --- No client certificate CA names sent --- SSL handshake has read 3717 bytes and written 330 bytes --- New, TLSv1/SSLv3, Cipher is RC4-MD5 Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : RC4-MD5 Session-ID: 480E00003102AFE2332FEBD5BCCD5B5F0F6E04E0F144DA95C31F5968E47BFFE6 Session-ID-ctx: Master-Key: BB45A97530F6BFFE1CA3A09C93ACAB59243243424A66C4A14993AADB7A15921C9AA9F0BB4F40D8DBB82C483AF5592C99 Key-Arg : None Start Time: 1167908925 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) ---
