Perhaps you named the files incorrectly? Based on the results of your "openssl verify" root.crt is what was used to directly sign devylon.com.crt. So it can't be the root cert. It's probably the intermediate.
Try these commands and see what you get for results: openssl verify -CAfile class3.crt root.crt openssl verify -CAfile root.crt class3.crt -Tad On Wed, Nov 4, 2009 at 11:43 AM, Ingo Vietense <[email protected]> wrote: > > $> openssl verify -CAfile root.crt devylon.com.crt > devylon.com.crt: OK > > $> openssl verify -CAfile class3.crt devylon.com.crt > devylon.com.crt: /CN=devylon.com > error 20 at 0 depth lookup:unable to get local issuer certificate > > so the root cert seems to be ok ? > > i downloaded the intermediate cert from > https://www.cacert.org/index.php?id=3 > > > > Am 04.11.09 20:32, schrieb Tad Glines: >> Use "openssl x509 -in<file> -text" to print the information for all >> three certs (or in windows, just right click and select "open"). >> Make sure that you have the correct intermediate and root CA certs. >> >> On Wed, Nov 4, 2009 at 11:27 AM, Ingo Vietense<[email protected]> >> wrote: >> >>> i created a CAcert certificate, but now i get the following exception >>> when i start the fedone: >>> >>> i'm not totaly sure why i get the >>> "Caused by: java.security.cert.CertPathValidatorException: >>> subject/issuer name chaining check failed" >>> exception. >>> >>> starting my fedone with these parameters: >>> wrapper | Command[25] : --certificate_private_key=devylon.com.key >>> wrapper | Command[26] : >>> --certificate_files=devylon.com.crt,class3.crt,root.crt >>> wrapper | Command[27] : --certificate_domain=devylon.com >>> wrapper | Command[28] : --waveserver_disable_verification=false >>> wrapper | Command[29] : --waveserver_disable_signer_verification=false >>> >>> >>> jvm 1 | SEVERE: Failed to add our own signer info to the certificate >>> store >>> jvm 1 | org.waveprotocol.wave.crypto.SignatureException: Certificate >>> validation failure >>> jvm 1 | at >>> org.waveprotocol.wave.crypto.CachedCertPathValidator.validateNoCache(CachedCertPathValidator.java:103) >>> jvm 1 | at >>> org.waveprotocol.wave.crypto.CachedCertPathValidator.validate(CachedCertPathValidator.java:65) >>> jvm 1 | at >>> org.waveprotocol.wave.crypto.WaveSignatureVerifier.verifySignerInfo(WaveSignatureVerifier.java:129) >>> jvm 1 | at >>> org.waveprotocol.wave.examples.fedone.waveserver.CertificateManagerImpl.storeSignerInfo(CertificateManagerImpl.java:196) >>> jvm 1 | at >>> org.waveprotocol.wave.examples.fedone.waveserver.WaveServerImpl.<init>(WaveServerImpl.java:408) >>> jvm 1 | at >>> org.waveprotocol.wave.examples.fedone.waveserver.WaveServerImpl$$FastClassByGuice$$8086ed04.newInstance(<generated>) >>> jvm 1 | at >>> com.google.inject.internal.cglib.reflect.FastConstructor.newInstance(FastConstructor.java:40) >>> jvm 1 | at >>> com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:58) >>> jvm 1 | at >>> com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:80) >>> jvm 1 | at >>> com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:180) >>> jvm 1 | at >>> com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43) >>> jvm 1 | at >>> com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:814) >>> jvm 1 | at >>> com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) >>> jvm 1 | at com.google.inject.Scopes$1$1.get(Scopes.java:64) >>> jvm 1 | at >>> com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) >>> jvm 1 | at >>> com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:51) >>> jvm 1 | at >>> com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43) >>> jvm 1 | at >>> com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:814) >>> jvm 1 | at >>> com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) >>> jvm 1 | at com.google.inject.Scopes$1$1.get(Scopes.java:64) >>> jvm 1 | at >>> com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) >>> jvm 1 | at >>> com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:51) >>> jvm 1 | at >>> com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38) >>> jvm 1 | at >>> com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62) >>> jvm 1 | at >>> com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:79) >>> jvm 1 | at >>> com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:180) >>> jvm 1 | at >>> com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43) >>> jvm 1 | at >>> com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:814) >>> jvm 1 | at >>> com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) >>> jvm 1 | at com.google.inject.Scopes$1$1.get(Scopes.java:64) >>> jvm 1 | at >>> com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) >>> jvm 1 | at >>> com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:38) >>> jvm 1 | at >>> com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:62) >>> jvm 1 | at >>> com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:79) >>> jvm 1 | at >>> com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:180) >>> jvm 1 | at >>> com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:43) >>> jvm 1 | at >>> com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:814) >>> jvm 1 | at >>> com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) >>> jvm 1 | at com.google.inject.Scopes$1$1.get(Scopes.java:64) >>> jvm 1 | at >>> com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) >>> jvm 1 | at >>> com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:761) >>> jvm 1 | at >>> com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:807) >>> jvm 1 | at >>> com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:757) >>> jvm 1 | at >>> com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:796) >>> jvm 1 | at >>> org.waveprotocol.wave.examples.fedone.ServerMain.run(ServerMain.java:61) >>> jvm 1 | at >>> org.waveprotocol.wave.examples.fedone.ServerMain.main(ServerMain.java:50) >>> jvm 1 | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native >>> Method) >>> jvm 1 | at >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>> jvm 1 | at >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>> jvm 1 | at java.lang.reflect.Method.invoke(Method.java:597) >>> jvm 1 | at >>> org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:238) >>> jvm 1 | at java.lang.Thread.run(Thread.java:619) >>> jvm 1 | Caused by: java.security.cert.CertPathValidatorException: >>> subject/issuer name chaining check failed >>> jvm 1 | at >>> sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139) >>> jvm 1 | at >>> sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:326) >>> jvm 1 | at >>> sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178) >>> jvm 1 | at >>> java.security.cert.CertPathValidator.validate(CertPathValidator.java:250) >>> jvm 1 | at >>> org.waveprotocol.wave.crypto.CachedCertPathValidator.validateNoCache(CachedCertPathValidator.java:101) >>> jvm 1 | ... 51 more >>> >>> >>> Am 04.11.09 02:03, schrieb Brian May: >>> >>>> openssl pkcs8 -topk8 -nocrypt -in >>>> /etc/ssl/local/microcomaustralia.com.au.key -out >>>> >>> >>> >>>> >>> >> > >> > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en -~----------~----~----~----~------~----~------~--~---
