Trying to test certs before moving on to LDAP tests. The certs were obtained from a CA running on a MS box. Here's what happens:

openssl s_client  -connect adtest:636 -cert foo.pem "-CAfile" homeca_cert_chain.p7b
Enter pass phrase for foo.pem:
CONNECTED(00000003)
depth=0 /CN=adtest.altdomain2000.psccos.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /CN=adtest.altdomain2000.psccos.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /CN=adtest.altdomain2000.psccos.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=adtest.altdomain2000.psccos.com
   i:/C=US/ST=CO/L=Colorado Springs/O=Process Software/CN=homeca
---
Server certificate
-----BEGIN CERTIFICATE-----
    <snip>
-----END CERTIFICATE-----
subject=/CN=adtest.altdomain2000.psccos.com
issuer=/C=US/ST=CO/L=Colorado Springs/O=Process Software/CN=homeca
---
Acceptable client certificate CA names
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority - G2/OU
=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority - G2/OU
=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services
Division/CN=Thawte Personal Freemail CA/[EMAIL PROTECTED]
m
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services
Division/CN=Thawte Personal Premium CA/[EMAIL PROTECTED]
/C=US/O=First Data Digital Certificates Inc./CN=First Data Digital Certificates
Inc. Certification Authority
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services
Division/CN=Thawte Personal Basic CA/[EMAIL PROTECTED]
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU
=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Glob
al Root
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Roo
t Authority
/C=US/ST=CO/L=Colorado Springs/O=Process Software/CN=homeca
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/OU
=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Root
---
SSL handshake has read 3950 bytes and written 1894 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
Session-ID: DD1800008DC43C611B7F9BF918ADF32D71805414EEB0D52BBA3D62EB0083945B
    Session-ID-ctx:
Master-Key: 8690211CC78E99D0930648E65ECCB50C753C4717A0BE8E16B07C57F03D975CAA
AF700EE9A05116F73C29B3890B0558A0
    Key-Arg   : None
    Start Time: 1160019284
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
bad select 38

What is this telling me? I downloaded the CA certificate from the MS system and have a server certificate. I'm *VERY* lost in all this!

HELP!!!!

------
+-------------------------------+----------------------------------------+
| Dan O'Reilly                  |  "There are 10 types of people in this |
| Principal Engineer            |   world: those who understand binary   |
| Process Software              |   and those who don't."                |
| http://www.process.com        |                                        |
+-------------------------------+----------------------------------------+


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]
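
One thing to check in a session like the one above, shown as an added example that is not part of the original post: `-CAfile` reads PEM-encoded X.509 certificates, while a `.p7b` file is a PKCS#7 bundle, so the bundle has to be unpacked before it can act as a trust file. Whether this is the cause of the poster's error 20 is an assumption; the CA, the host name and the helper function names below are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo PKI: "demo-homeca" and "adtest.example.test" are made-up names.
# Assumption: the openssl command-line tool is on PATH.

make_demo_pki() {    # $1 = work directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-homeca" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=adtest.example.test" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null &&
    # Bundle the CA certificate as a DER PKCS#7 file, a common .p7b export form.
    openssl crl2pkcs7 -nocrl -certfile "$1/ca.pem" -outform DER -out "$1/chain.p7b"
}

# Exit status 0 only if the certificate chains to something in the trust file.
verify_with() {      # $1 = trust file, $2 = certificate to verify
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Unpack a PKCS#7 bundle (DER first, then PEM) into concatenated PEM certificates.
p7b_to_pem() {       # $1 = .p7b input, $2 = PEM output
    openssl pkcs7 -inform DER -in "$1" -print_certs -out "$2" 2>/dev/null ||
    openssl pkcs7 -inform PEM -in "$1" -print_certs -out "$2"
}

demo() {
    d=$(mktemp -d) || return 2
    make_demo_pki "$d" || return 2
    # The raw bundle holds the right CA, but not in a form -CAfile can load.
    verify_with "$d/chain.p7b" "$d/srv.pem" && p7b_ok=yes || p7b_ok=no
    p7b_to_pem "$d/chain.p7b" "$d/chain.pem" || return 2
    verify_with "$d/chain.pem" "$d/srv.pem" && pem_ok=yes || pem_ok=no
    rm -rf "$d"
    echo "p7b as -CAfile: $p7b_ok; converted PEM as -CAfile: $pem_ok"
}

demo
```

For the session in the post, the equivalent step would be to run the `openssl pkcs7 ... -print_certs` conversion on homeca_cert_chain.p7b and pass the resulting PEM file to `-CAfile`.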
