$> openssl verify -CAfile root.crt devylon.com.crt
devylon.com.crt: OK

$> openssl verify -CAfile class3.crt devylon.com.crt
devylon.com.crt: /CN=devylon.com
error 20 at 0 depth lookup:unable to get local issuer certificate

so the root cert seems to be ok ?

i downloaded the intermediate cert from 
https://www.cacert.org/index.php?id=3



Am 04.11.09 20:32, schrieb Tad Glines:
> Use "openssl x509 -in<file>  -text" to print the information for all
> three certs (or in windows, just right click and select "open").
> Make sure that you have the correct intermediate and root CA certs.
>
> On Wed, Nov 4, 2009 at 11:27 AM, Ingo Vietense<[email protected]>  
> wrote:
>    
>> i created a CAcert certificate, but now i get the following exception
>> when i start the fedone:
>>
>> i'm not totaly sure why i get the
>>   "Caused by: java.security.cert.CertPathValidatorException:
>> subject/issuer name chaining check failed"
>> exception.
>>
>> starting my fedone with these parameters:
>> wrapper  | Command[25] : --certificate_private_key=devylon.com.key
>> wrapper  | Command[26] :
>> --certificate_files=devylon.com.crt,class3.crt,root.crt
>> wrapper  | Command[27] : --certificate_domain=devylon.com
>> wrapper  | Command[28] : --waveserver_disable_verification=false
>> wrapper  | Command[29] : --waveserver_disable_signer_verification=false
>>
>>
>> jvm 1    | SEVERE: Failed to add our own signer info to the certificate
>> store
>> jvm 1    | org.waveprotocol.wave.crypto.SignatureException: Certificate
>> validation failure
>> jvm 1    |      at
>> org.waveprotocol.wave.crypto.CachedCertPathValidator.validateNoCache(CachedCertPathValidator.java:103)
>> jvm 1    |      at
>> org.waveprotocol.wave.crypto.CachedCertPathValidator.validate(CachedCertPathValidator.java:65)
>> jvm 1    |      at
>> org.waveprotocol.wave.crypto.WaveSignatureVerifier.verifySignerInfo(WaveSignatureVerifier.java:129)
>> jvm 1    |      at
>> org.waveprotocol.wave.examples.fedone.waveserver.CertificateManagerImpl.storeSignerInfo(CertificateManagerImpl.java:196)
>> jvm 1    |      at
>> org.waveprotocol.wave.examples.fedone.waveserver.WaveServerImpl.<init>(WaveServerImpl.java:408)
>> jvm 1    |      at
>> org.waveprotocol.wave.examples.fedone.waveserver.WaveServerImpl$$FastClassByGuice$$8086ed04.newInstance(<generated>)
>> jvm 1    |      at
>> com.google.inject.internal.cglib.reflect.FastConstructor.newInstance(FastConstructor.java:40)
>> jvm 1    |      at
>> com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:58)
>> jvm 1    |      at
>> com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:80)
>> jvm 1    |      at
>> com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:180)
>> jvm 1    |      at
>> com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
>> jvm 1    |      at
>> com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:814)
>> jvm 1    |      at
>> com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
>> jvm 1    |      at com.google.inject.Scopes$1$1.get(Scopes.java:64)
>> jvm 1    |      at
>> com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
>> jvm 1    |      at
>> com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:51)
>> jvm 1    |      at
>> com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
>> jvm 1    |      at
>> com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:814)
>> jvm 1    |      at
>> com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
>> jvm 1    |      at com.google.inject.Scopes$1$1.get(Scopes.java:64)
>> jvm 1    |      at
>> com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
>> jvm 1    |      at
>> com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:51)
>> jvm 1    |      at
>> com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
>> jvm 1    |      at
>> com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
>> jvm 1    |      at
>> com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:79)
>> jvm 1    |      at
>> com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:180)
>> jvm 1    |      at
>> com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
>> jvm 1    |      at
>> com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:814)
>> jvm 1    |      at
>> com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
>> jvm 1    |      at com.google.inject.Scopes$1$1.get(Scopes.java:64)
>> jvm 1    |      at
>> com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
>> jvm 1    |      at
>> com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38)
>> jvm 1    |      at
>> com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62)
>> jvm 1    |      at
>> com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:79)
>> jvm 1    |      at
>> com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:180)
>> jvm 1    |      at
>> com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43)
>> jvm 1    |      at
>> com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:814)
>> jvm 1    |      at
>> com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
>> jvm 1    |      at com.google.inject.Scopes$1$1.get(Scopes.java:64)
>> jvm 1    |      at
>> com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40)
>> jvm 1    |      at
>> com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:761)
>> jvm 1    |      at
>> com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:807)
>> jvm 1    |      at
>> com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:757)
>> jvm 1    |      at
>> com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:796)
>> jvm 1    |      at
>> org.waveprotocol.wave.examples.fedone.ServerMain.run(ServerMain.java:61)
>> jvm 1    |      at
>> org.waveprotocol.wave.examples.fedone.ServerMain.main(ServerMain.java:50)
>> jvm 1    |      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>> Method)
>> jvm 1    |      at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> jvm 1    |      at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> jvm 1    |      at java.lang.reflect.Method.invoke(Method.java:597)
>> jvm 1    |      at
>> org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:238)
>> jvm 1    |      at java.lang.Thread.run(Thread.java:619)
>> jvm 1    | Caused by: java.security.cert.CertPathValidatorException:
>> subject/issuer name chaining check failed
>> jvm 1    |      at
>> sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
>> jvm 1    |      at
>> sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:326)
>> jvm 1    |      at
>> sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
>> jvm 1    |      at
>> java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
>> jvm 1    |      at
>> org.waveprotocol.wave.crypto.CachedCertPathValidator.validateNoCache(CachedCertPathValidator.java:101)
>> jvm 1    |      ... 51 more
>>
>>
>> Am 04.11.09 02:03, schrieb Brian May:
>>      
>>> openssl pkcs8 -topk8 -nocrypt -in 
>>> /etc/ssl/local/microcomaustralia.com.au.key -out
>>>        
>>
>>      
>>>        
>>      
> >
>    


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Wave 
Protocol" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to 
[email protected]
For more options, visit this group at 
http://groups.google.com/group/wave-protocol?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to