Resending my mail with corrected information
Dear All,

My client program fails to establish the secure connection (https) with the web server due to a certificate chain verification failure. And I think the error is due to a self-signed certificate.

_______________________________________________________________________________________________

MY UNDERSTANDING
----------------------
During a session establishment a server always transmits its certificate to the client, and the client must validate the certificate. Therefore, if the server is using a self-signed certificate, the certificate must be made available to the client prior to the actual session establishment attempt.

_______________________________________________________________________________________________

QUERY
---------
A) Doesn't the client need the server's self-signed certificate to validate the transmitted certificate?

Or

B) Is there a setting that allows accepting a self-signed certificate?

If Question A is true, then how do I obtain this certificate?

Client environment is Solaris (Unix), gSOAP (C++), openssl

_______________________________________________________________________________________________

OPENSSL command output (confidential information is replaced here)
-----------------------------------
CONNECTED(00000004)
depth=0 /C=UK/ST=New York/L=ABC House/O=ABC Bank/OU=ZIT-A CMA BOS (2.3.5.1)/CN=shsvd1a.gde
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=UK/ST=New York/L=ABC House/O=ABC Bank/OU=ZIT-A CMA BOS (2.3.5.1)/CN=shsvd1a.gde
verify return:1
---
Certificate chain
 0 s:/C=UK/ST=New York/L=ABC House/O=ABC Bank/OU=ZIT-A CMA BOS (2.3.5.1)/CN=shsvd1a.gde
   i:/C=UK/ST=New York/L=ABC House/O=ABC Bank/OU=ZIT-A CMA BOS (2.3.5.1)/CN=shsvd1a.gde
---
Server certificate
subject=/C=UK/ST=New York/L=ABC House/O=ABC Bank/OU=ZIT-A CMA BOS (2.3.5.1)/CN=shsvd1a.gde
issuer=/C=UK/ST=New York/L=ABC House/O=ABC Bank/OU=ZIT-A CMA BOS (2.3.5.1)/CN=shsvd1a.gde
---
No client certificate CA names sent
---
SSL handshake has read 1185 bytes and written 338 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol : TLSv1
    Cipher : EDH-RSA-DES-CBC3-SHA
    Session-ID: 4688BDBECF7EEBC40A44CD4DBC9B272864EBC987406E0F72579D444A4831F457
    Session-ID-ctx:
    Master-Key: 99F6236023E13435BD8CBEDD5126254E3F46E61EEB6D432483F1D755975623EF708C85E3BBC36418AEFCFFF791612C32
    Key-Arg : None
    Start Time: 1183366590
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

Thanks in advance

Regards,
Vishal Vashishta
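
The verification behaviour behind "verify error:num=18" in the output above, shown as an added example that is not part of the original mail: a self-signed certificate fails verification until that exact certificate is supplied to the client as a trust anchor. The certificates are throwaway ones constructed for the demo (only the CN is borrowed from the output), and the file and function names are hypothetical.

```shell
#!/bin/sh
# Constructed demo: throwaway self-signed certificates stand in for the
# server certificate in the post; nothing here contacts a real server.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create NAME.key / NAME.pem where subject == issuer (the "depth=0" case).
make_selfsigned() {   # usage: make_selfsigned NAME
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=shsvd1a.gde" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Print 0 when CERT verifies, otherwise the OpenSSL verify error number.
verify_code() {       # usage: verify_code CERT [TRUST_ANCHOR_FILE]
    if [ -n "$2" ]; then
        out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    else
        out=$(openssl verify "$1" 2>&1) || true
    fi
    case "$out" in
        *": OK"*) echo 0 ;;
        *) echo "$out" | sed -n 's/.*error \([0-9][0-9]*\) at.*/\1/p' | head -n 1 ;;
    esac
}

make_selfsigned server     # plays the server's certificate
make_selfsigned impostor   # same subject name, different key

# 1. No trust anchor: error 18, as in the s_client output.
echo "no anchor:          $(verify_code "$WORK/server.pem")"
# 2. The certificate itself supplied as the trusted file: verifies.
echo "cert as CAfile:     $(verify_code "$WORK/server.pem" "$WORK/server.pem")"
# 3. Trust is tied to that exact certificate, not to its subject name.
echo "impostor vs anchor: $(verify_code "$WORK/impostor.pem" "$WORK/server.pem")"

# Fingerprint to confirm with the server's administrator over a separate
# channel before the file is installed as a trust anchor on the client.
openssl x509 -in "$WORK/server.pem" -noout -fingerprint -sha256
```

Against a live server the same PEM file can be passed to `openssl s_client -CAfile`; a client built on the OpenSSL library loads it with `SSL_CTX_load_verify_locations`.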