Hi, I am new to openssl and learning how to use it. I am trying to read the self-signed SSL certificate created on a webserver. I am using OpenSSL 1.1.1k on the client machine when I make a request using:
openssl s_client -showcerts -connect 192.168.1.200:443 I end up with the following error "*unsupported certificate purpose" *from the server. CONNECTED(00000003) Can't use SSL_get_servername depth=0 O = Verint, C = US, CN = 192.168.1.200, L = Columbia, OU = Verint verify error:num=18:self signed certificate verify return:1 depth=0 O = Verint, C = US, CN = 192.168.1.200, L = Columbia, OU = Verint verify error:num=26:unsupported certificate purpose verify return:1 depth=0 O = Verint, C = US, CN = 192.168.1.200, L = Columbia, OU = Verint verify return:1 --- Certificate chain 0 s:O = Verint, C = US, CN = 192.168.1.200, L = Columbia, OU = Verint i:O = Verint, C = US, CN = 192.168.1.200, L = Columbia, OU = Verint -----BEGIN CERTIFICATE----- MIIDrjCCApagAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQ8wDQYDVQQKDAZWZXJp bnQxCzAJBgNVBAYTAlVTMRYwFAYDVQQDDA0xOTIuMTY4LjEuMjAwMREwDwYDVQQH DAhDb2x1bWJpYTEPMA0GA1UECwwGVmVyaW50MB4XDTIxMDcyMTIwNTExMloXDTIy MDcyMTIwNTExMlowWjEPMA0GA1UECgwGVmVyaW50MQswCQYDVQQGEwJVUzEWMBQG A1UEAwwNMTkyLjE2OC4xLjIwMDERMA8GA1UEBwwIQ29sdW1iaWExDzANBgNVBAsM BlZlcmludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALjovQgQ5Nkt d1IzjBUwz4mg1L2VhRW6VDeNWxfkTT+j+wwI7n4w612T/dvzUYVgkWYE4bJV/VrP wXw6O0wwr2e4LyF8QqSGjtOo6rKOIvO3CJDsj3ogGq5ERYzbLO4g2VZ6i7nQuQtb rHvg9FMptAbLXv3Ph7ddn7vncTMn+LQB1Xh1Xpnh3H1bEngS1jgH9XM8jpti1q4w 9Y8xfkKBLRC0aiwzfEjblZyvqcqLksKTk1l6oKZC3XLouCHYdQV6j0cZyj2uiabT h/wqAsRJWCgF1dKp/PUGQB41OC4z8zHyyagWbrkKQpVu3h/3Pi3INGQAd9TPXD0o eM5gveWQCakCAwEAAaN/MH0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC AQYwHQYDVR0OBBYEFKL/lWLHhbwa/tUL+PeosbS/KYt9MBEGCWCGSAGG+EIBAQQE AwICBDAoBglghkgBhvhCAQ0EGxYZZXhhbXBsZSBjb21tZW50IGV4dGVuc2lvbjAN BgkqhkiG9w0BAQUFAAOCAQEAc/RhHPG308TirrHqHj+ya7zzhYChDagGflq9K/4T zk2ATcg9SpX57pwZHWu0V3ly2QDn0b6cw08td5NxRYePmb01Q5UbaTFx+fTuAB/N 9/Qusa7nnI7LzoZQ2BtOPBF3Y1UJdEyJzjSuTnWA6J43I3Xi678n+NwHnWSzlgGE SmIjyVIPkuFKP9vHuYLpi7uJf2z8kNrhK+mPo9KMZiJaTid3+YgOfIdFxFZLyPqT fBg61c2jWW7iN6ZFV+iPH9ZluUfkXMCDgGOsLR1qD5ViABiwZk+3dlof9nwn94Y+ jfwcsNl8YERh6ev/lbQxZ9/RzvyRPvNk+srIKRY71K70Dg== -----END CERTIFICATE----- --- Server certificate subject=O = Verint, C = US, CN = 192.168.1.200, L = Columbia, OU = Verint issuer=O = Verint, C = US, CN = 192.168.1.200, L = Columbia, OU = Verint --- No client certificate CA names sent --- SSL handshake has read 1258 bytes and written 613 bytes Verification error: unsupported certificate purpose --- New, TLSv1.2, Cipher is AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : AES256-GCM-SHA384 Session-ID: CE62110F0FC98BF92D285826C94F8E243287309A5B8C685763E228E5A121B04C Session-ID-ctx: Master-Key: 1CD43EA64ED4BAABE3E2BD1B33BFFDDB3E9505D1BF786C5137E23D8FC10B117B6F05709A03312288FAAFFB0990258706 PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 7200 (seconds) TLS session ticket: 0000 - 97 4d 2d 40 e0 55 22 0a-a0 9b a0 f6 76 03 a7 66 .M-@ .U".....v..f 0010 - 1c 12 4d d7 d3 48 64 48-d3 86 b8 69 a2 02 74 64 ..M..HdH...i..td 0020 - a7 01 59 99 98 f1 a7 7b-e1 8d 64 ec 42 e1 d1 9b ..Y....{..d.B... 0030 - 4d 7a e1 6b 01 8b 0d fd-b5 f0 59 b5 ba 9e d8 ab Mz.k......Y..... 0040 - 2f c4 59 9b 85 c6 78 09-28 da 86 ea a7 fe a0 53 /.Y...x.(......S 0050 - 2e 74 2c 28 e2 91 f6 94-cc 35 7f 25 ab b1 b8 cd .t,(.....5.%.... 0060 - 48 96 af 36 de 28 46 d6-65 ce 00 ac a0 df f5 d3 H..6.(F.e....... 0070 - bd f3 bb 6c 79 e6 3d 69-9c 50 0a db 3b f2 7c f4 ...ly.=i.P..;.|. 0080 - 23 c9 29 62 b4 8c a5 55-70 ab 3d 18 1a f3 86 05 #.)b...Up.=..... 0090 - b1 48 11 1d 29 d0 06 e5-df 32 3c fd 09 76 c7 55 .H..)....2<..v.U Start Time: 1626906266 Timeout : 7200 (sec) Verify return code: 26 (*unsupported certificate purpose*) Extended master secret: yes --- Now I do not have access to the server but I would like to know what "*unsupported certificate purpose" *mean? Could anyone throw some light on this?