You did not specify a CA to verify against. (using -CAfile or -CApath
and -verify)
That server is not sending its intermediate certificate.
Verifying against chain of root and intemediate succeeded for me
(openssl 1.0.0d on windows xp sp3)
----- Original Message -----
From: "Florian Pritz" <bluew...@xinu.at>
To: <openssl-users@openssl.org>
Sent: Thursday, March 15, 2012 3:11 PM
Subject: Verification error, weird cert chain for
portfolio.iguw.tuwien.ac.at
When using lynx to access https://portfolio.iguw.tuwien.ac.at I got an
ssl cert validation error. Since it worked fine in firefox/chromium I
tried to use openssl directly and got the following, but I fail to
understand what it means although I see that the chain looks strange
(0->1 i:TERENA is replaced by s:COMODO)
After a bit of googling I believe it's a problem on the server side, but
my knowledge of SSL/X.509 is very limited so if you have any pointers,
I'd be happy to hear them.
$ openssl s_client -connect portfolio.iguw.tuwien.ac.at:443
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
