>From: owner-openssl-us...@openssl.org On Behalf Of Hasan, Rezaul (NSN - US/Arlington Heights) >Sent: Thursday, 26 July, 2012 12:02
>I have created a self-signed CA certificate, a Client certificate and a >Server certificate. I signed the Client and Server certificates with >the self-signed CA certificate and placed all certs in the appropriate >locations. Then attempted to create an SSL connection with >'openssl s_client ..' , and get this >Verify return code: 19 (self signed certificate in certificate chain) >Is this an error indicating that the SSL connection failed, or is it simply >a "warning" ? I am guessing its just a warning, but wanted to confirm. For s_client, it's a warning. s_client overrides verify errors and allows you to continue. Most real apps don't do this and shouldn't, so for real apps this will probably be fatal. >... -cert client.crt -key client.key -CApath /root/CERT Did you put your CA cert in /root/CERT >with a symlink from $subjecthash.$seq, or if you prefer directly under that name<? If not, OpenSSL won't find it. Alternatively, use -CAfile with all your roots (perhaps only one) in a file. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
