Resending my mail with corrected information
Dear All,
My client program fails to establish the secure connection (https) with
web server due to certificate chain verification failure.
And I think the error is due to a self signed certificate.
_______________________________________________________________________________________________
MY UNDERSTANDING
----------------------
?During a session establishment a server always transmits its certificate
to the client, and the client must validate the certificate.
Therefore, if the server is using a self-signed certificate, the
certificate must be made available to the client prior to the actual
session establishment attempt.
_______________________________________________________________________________________________
QUERY
---------
A) Doesn't client need server's self-signed certificate to validate the
transmitted certificate?
Or
B) Is there a setting that allows accepting of self-signed certificate?
Is Question A is true then how to obtain this certificate.
Client Environment is
Solaris (Unix), gSOAP (C++), openssl
_______________________________________________________________________________________________
OPENSSL command output (confidential information is replaced here)
-----------------------------------
CONNECTED(00000004)
depth=0 /C=UK/ST=New York/L=ABC House/O=ABC Bank/OU=ZIT-A CMA BOS
(2.3.5.1)/CN=shsvd1a.gde
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=UK/ST=New York/L=ABC House/O=ABC Bank/OU=ZIT-A CMA BOS
(2.3.5.1)/CN=shsvd1a.gde
verify return:1
---
Certificate chain
0 s:/C=UK/ST=New York/L=ABC House/O=ABC Bank/OU=ZIT-A CMA BOS
(2.3.5.1)/CN=shsvd1a.gde
i:/C=UK/ST=New York/L=ABC House/O=ABC Bank/OU=ZIT-A CMA BOS
(2.3.5.1)/CN=shsvd1a.gde
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICgDCCAekCBETYvTYwDQYJKoZIhvcNAQEEBQAwgYYxCzAJBgNVBAYTAlVLMQ8w
AWDQYDVQQIEwZMb25kb24xGDAWBgNVBAcTD1NoZXJib3JuZSBIb3VzZTEUMBIGA1UE
ChMLQ29tbWVyemJhbmsxIDAeBgNVBAsTF1pJVC1BIENNQSBCT1MgKDIuMy41LjEp
MRQwEgYDVQQDEwtzaHN2ZDNhLmdkZTAeFw0wNjA4MDgxNjM1MDJaFw0yMzAxMTEx
NjM1MDJaMIGGMQswCQYDVQQGEwJVSzEPMA0GA1UECBMGTG9uZG9uMRgwFgYDVQQH
Ew9TaGVyYm9ybmUgSG91c2UxFDASBgNVBAoTC0NvbW1lcnpiYW5rMSAwHgYDVQQL
ExdaSVQtQSBDTUEgQk9TICgyLjMuNS4xKTEUMBIGA1UEAxMLc2hzdmQzYS5nZGUw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMqFdZrLVDXMgrnX7ne6IfRqo38C
ODn2vXMiy+khDVLUDxPh0qsMmV03loPhzwLNviBhxxamiBbtsXXe6ztXf09LOmtu
g4UTQUXuBTaBqsOivqZBmr2Nxaq9j7Ma3dVG+dAsgfSgzn5h78sWfQkD+hX6DCXR
xFxP2Ls1wrnJ5Ia9AgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAgfOx7UeISfuw04OU
EC4Ur5uNPE2kQ92KSNgLRJMZ/xQYjZVmCWSOEJVO+NrLWuO6Mv86cnKPLBWnCRFe
GYm9EIbMKDExs8QWU0+gYkUHBHjtWbMYIeiFNUFBQvr+rqINdci2L52jRbLeWPgY
HK+zxEoiBFpbDEciVFUzyq1XTeA=
-----END CERTIFICATE-----
subject=/C=UK/ST=New York/L=ABC House/O=ABC Bank/OU=ZIT-A CMA BOS
(2.3.5.1)/CN=shsvd1a.gde
issuer=/C=UK/ST=New York/L=ABC House/O=ABC Bank/OU=ZIT-A CMA BOS
(2.3.5.1)/CN=shsvd1a.gde
---
No client certificate CA names sent
---
SSL handshake has read 1185 bytes and written 338 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : EDH-RSA-DES-CBC3-SHA
Session-ID:
4688BDBECF7EEBC40A44CD4DBC9B272864EBC987406E0F72579D444A4831F457
Session-ID-ctx:
Master-Key:
99F6236023E13435BD8CBEDD5126254E3F46E61EEB6D432483F1D755975623EF708C85E3BBC36418AEFCFFF791612C32
Key-Arg : None
Start Time: 1183366590
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
Thanks in advance
Regards,
Vishal Vashishta
ForwardSourceID:NT00016C66
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
