Hello, dear all:
1)
     I used the openssl command to get the trusted certificate, but there are some errors in the output:
bash-2.03# /usr/local/ssl/bin/openssl s_client -showcerts -connect login.yahoo.com:443                                 
 CONNECTED(00000004)
depth=0 /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=login.yahoo.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=login.yahoo.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=login.yahoo.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=login.yahoo.com
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=California/L=Santa Clara/O=Yahoo! Inc./OU=Yahoo/CN=login.yahoo.com
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 907 bytes and written 320 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Session-ID: 4C92645DCF76DD39B93FA93134342228789864947A3A14CFB5AB965BA48BE95D
    Session-ID-ctx:
    Master-Key: 439AA1963FAD38CE860411AC778ED4AFB5F2437BF033ECDA451A07E44FC53FAFDA86EEAA40DD1FF88DB5FDBF1338F669
    Key-Arg   : None
    Start Time: 1161844868
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
read:errno=0
 
  Question: What should I do to get the correct trusted certificate from yahoo? Why are there three errors, "unable to get local issuer certificate", "certificate not trusted" and "unable to verify the first certificate"? Do I need to configure openssl with another config?
 
2) 
 I tried using "ibm.com" instead and was able to retrieve the certificate and make a connection without errors.
 
This command displays the certificates. 
bash# openssl s_client -showcerts -connect ibm.com:443
CONNECTED(00000004)
depth=1 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=US/ST=NC/L=Research Triangle Park/O=IBM/OU=HPODS/CN=redirect.www.ibm.com
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
 1 s:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=NC/L=Research Triangle Park/O=IBM/OU=HPODS/CN=redirect.www.ibm.com
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 1704 bytes and written 323 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Session-ID: 0000F970E2411CA27D9AEB021BB5310BE7720A69585858584548E38A000001EF
    Session-ID-ctx:
    Master-Key: 9077E6FBB41CB8AFFCDA511F5B1EED867772EFF5B8DF78D3DCB1F4E86BE1DDA0398BC4712BCDA657FA328360C22EE54E
    Key-Arg   : None
    Start Time: 1162404746
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
^C

bash# cat ibm.com.pem
 
This command connects to ibm.com with the trusted root CA in ibm.com.pem.  There are no error messages.

bash#  openssl s_client -CAfile ibm.com.pem -connect ibm.com:443
CONNECTED(00000004)
depth=1 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
verify return:1
depth=0 /C=US/ST=NC/L=Research Triangle Park/O=IBM/OU=HPODS/CN=redirect.www.ibm.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=NC/L=Research Triangle Park/O=IBM/OU=HPODS/CN=redirect.www.ibm.com
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
 1 s:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/C=US/ST=NC/L=Research Triangle Park/O=IBM/OU=HPODS/CN=redirect.www.ibm.com
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 1704 bytes and written 323 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DES-CBC3-SHA
    Session-ID: 0000F9709068D5C248DC7F3049FCFBA620A27F56585858584548E3C800000208
    Session-ID-ctx:
    Master-Key: 9F9CDDCBB0DF7A7F8459C300BEA4875FA71096D11786384BE0B2841E13705AAC0408947591276FDC809F9859DBB3A814
    Key-Arg   : None
    Start Time: 1162404808
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
DONE

 Question: I think there is something wrong with the yahoo web site: it does not display the trusted root CA. But why could I use a browser such as IE to access the yahoo https website?
 
 
In a word, does someone know how to get the trusted or self-signed certificate of the website mail.yahoo.com using openssl?
 
Thanks in advance
 
Best Regards
Hu Yongjun
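
Added example (not part of the original post): a shell script that reproduces the three verify outcomes shown in the output above, offline, using a constructed throwaway CA and leaf certificate. The subject names, file names and the helpers `make_pki` and `verify_code` are assumptions made for illustration; it needs the `openssl` command line tool.

```shell
#!/bin/sh
# Added example: constructed throwaway CA and leaf; no data from the real sites.

# Create root.pem (self-signed CA) and leaf.pem (signed by it) in directory $1.
make_pki() {
  d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
O = Constructed Test CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -keyout "$d/root.key" -out "$d/root.pem" -days 2 2>/dev/null
  openssl req -new -config "$d/ca.cnf" -subj "/CN=leaf.example.test" \
    -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -out "$d/leaf.pem" -days 1 2>/dev/null
}

# Print the first verify error number, 0 when the chain verifies,
# or "unknown" when the openssl output cannot be interpreted.
verify_code() {
  out=$(openssl verify "$@" 2>&1) || true
  code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9]*\) at .*/\1/p' | head -n 1)
  if [ -n "$code" ]; then echo "$code"
  elif printf '%s\n' "$out" | grep -q ': OK$'; then echo 0
  else echo unknown
  fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_pki "$work"

# Leaf only, issuer not available locally (as in the login.yahoo.com run).
echo "leaf only:            $(verify_code "$work/leaf.pem")"
# Root supplied as untrusted chain material (as in the first ibm.com run).
echo "root sent, untrusted: $(verify_code -untrusted "$work/root.pem" "$work/leaf.pem")"
# Root supplied as a trust anchor with -CAfile (as in the second ibm.com run).
echo "root in -CAfile:      $(verify_code -CAfile "$work/root.pem" "$work/leaf.pem")"
```

The printed numbers are the same verify codes that `s_client` reports. The chain verifies only when the issuing root is supplied as a local trust anchor, whether or not the peer sends it.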
 
