Hi Everyone,
Something went wrong when I used s_client to connect to an HTTPS server.
The process was as follows:
# openssl s_client -connect my.test.host:443 -ssl3
CONNECTED(00000004)
depth=0 ...(omitted)
depth=0 ...(omitted)
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 ...(omitted)
verify error:num=27:certificate not trusted
verify return:1
depth=0 ...(omitted)
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 ...(omitted)
i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICmzCCAggCEEnUw029NF0AkaPT2yHF8+QwDQYJKoZIhvcNAQEEBQAwXzELMAkG
...(omitted)
-----END CERTIFICATE-----
subject=/C ...(omitted)
issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
---
No client certificate CA names sent
---
SSL handshake has read 831 bytes and written 230 bytes
---
New, TLSv1/SSLv3, Cipher is EXP-RC4-MD5
Server public key is 511 bit
SSL-Session:
Protocol : SSLv3
Cipher : EXP-RC4-MD5
Session-ID: 0B0000000C9E1F361BDA62F2FA2C8F221DD9F9A11A52F7D669B29592275758FA
Session-ID-ctx:
Master-Key: 9BFA7843CB2B8A99A16E376402DCF7DEBC55BBEFDC2A04E850E041AEC8F2F20B480CB16719117B26B576DB2FA58924A6
Key-Arg : None
Start Time: 974307478
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
GET /SSL/login.asp HTTP/1.0
The HTTPS server was "RENEGOTIATING" and then gave me a rejection message just like the lines above.
I am a newbie in the SSL field, and I think maybe I should have a "client certificate". But after I finished my client certificate following the instructions in the SSL documents, the server still did not recognize it. So my questions are:
1. What is the problem?
2. What should I do to overcome it?
3. How can I make my "TRUSTED" client certificate? I think it would be even better if I could do it freely.
Thank you for your kindness.