On Thu, Apr 03, 2003 at 02:52:17PM -0500, Austin Conger (IT) wrote: > Hi All, > > When I submit this command to my Verisign Certificate Secured Site I am getting this > error. > > openssl s_client -connect www.domain.com:443 > > Its returning these errors: > > CONNECTED(00000004) > depth=0 /C=US/ST=michigan/L=some city/O=Company A LLC/OU=Terms of use at > www.verisign.com/rpa (c)00/CN=www.domain.com > verify error:num=20:unable to get local issuer certificate > verify return:1 > depth=0 /C=US/ST=michigan/L=some city/O=Company A LLC/OU=Terms of use at > www.verisign.com/rpa (c)00/CN=www.domain.com > verify error:num=27:certificate not trusted > verify return:1 > depth=0 /C=US/ST=michigan/L=some city/O=Company A LLC/OU=Terms of use at > www.verisign.com/rpa (c)00/CN=www.domain.com > verify error:num=21:unable to verify the first certificate > verify return:1 > etc.... > > Can anyone identify the reason as to why this is happening? > Very simple really - openssl is telling you that it can't verify the certificate because it does not know the CA that it was issued by. Nothing strange or unexpected in that. Use one of the following to enable verification:
-CApath arg - PEM format directory of CA's -CAfile arg - PEM format file of CA's By default openssl knows no CA's, so you need to get the CA cert of the signer and use that. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]