verify status 18 (not strictly an openssl error) means that you (usually as a client)
received a cert chain (usually from the server) with a root cert that is not in your truststore. Yes, this is a slightly confusing error description for this case. If the root cert used should be trusted, fix to use a truststore that contains it. This has the following subcases: - If you are currently not using any truststore, fix to use a good one. - If you are currently using the wrong truststore, fix to use the right one. - If you currently using the right truststore but it doesn’t contain this root cert, add this root cert to the truststore. If the root cert being used should NOT be trusted, fix the server to use a chain from a CA that should be trusted. If openssl does not recognize THAT root, return to the cases above. To decide whether the root cert should be trusted, you may need to look at it. This can be accomplished using openssl s_client –showcerts with a little work, but if you are able to connect HTTPS to this server from a browser like IE or FF, (1) that means the *browser* truststore *does* contain this root; if the browser store has not been modified this means MS or Mozilla respectively thinks this root is trustworthy, which is a pretty good reason to think you should; (2) from the browser you can extract a copy of the cert to use with openssl. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of sandhya reddy Sent: Monday, October 06, 2014 04:19 To: openssl-users@openssl.org Subject: Openssl err 18 I'm getting an openssl error Err:18 self signed certificate because of which not able to succeed with TLS handshake completion. Any idea on what is to be done to get it fixed ?
