Re: Help required on Openssl Certificate isssue

Wed, 30 Jul 2008 13:57:10 -0700 

Sachin Puttur wrote:

Hi,
The Self signed Certificate is created in Windows server 2008 as given below.We have created the certificate file hpcpb.cer. 

Then we will follow below  steps  in linux machine  .

1)      openssl  x509  -in  test.cer  -inform  d  -out   hpcbp.pem


2)      cp hpcbp.pem /usr/share/ssl/certs/.

3)       c_rehash


4) I am issuing below command from Linux machine(blrm188) to connect the 
machine where windows server 2008 is installed .

         openssl s_client -connect blrm188.hpccluster:443



With the exception of openssl verify, most openssl commands do not seem 
to check the system certificate store automatically, you have to specify 
-CApath to it.  However, programs that automatically use the openssl 
certificate store such as wget, mutt, subversion, should be working 
correctly.




[EMAIL PROTECTED] HPCBP]# openssl s_client -connect blrm188.hpccluster:443
CONNECTED(00000003)
depth=0 /CN=BLRM188.HPCCLUSTER
*verify error:num=20:unable to get local issuer certificate*
verify return:1
depth=0 /CN=BLRM188.HPCCLUSTER
*verify error:num=21:unable to verify the first certificate*
verify return:1
---
Certificate chain
 0 s:/CN=BLRM188.HPCCLUSTER
   i:/CN=BLRM188.HPCCLUSTER
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC6DCCAdCgAwIBAgIQRZUNbRWofbRCrVpIqCYWBzANBgkqhkiG9w0BAQUFADAd
MRswGQYDVQQDExJCTFJNMTg4LkhQQ0NMVVNURVIwHhcNMDgwNzI2MDAwOTI5WhcN
MDkwNzI1MDAwMDAwWjAdMRswGQYDVQQDExJCTFJNMTg4LkhQQ0NMVVNURVIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDjBd4KUfEbxW/Nmikcxy81MSXI
/1T6/Zc4GG58/LF+fEftc/QfbrESC2XjrexteKMuYR8tu55l1NsxGnjnHiGxNo0p
/aj2l8aI/fNPVavIQUdLJ2cnNTGf2tHqia8/2dViqpZMrg0PYjs2FSR1zoVz4Zef
CK+s2/Rq2OBQOTDveUSDzJE+WJhZ1eWKAHpCzj9bp8Qk9RxpREUpwDZgXzVYoC6x
hKc94z2RzLk8KGnDwK/F+Zxd10tc6Op0JOQRGRjIcnxYeH9eMQ3oOhyDZMRWF8dx
bv7YTFKiG0Cg3hYKRKTjoqytDyai/7jUblSN0GRECs2jx97QSpSLbQB8T3zLAgMB
AAGjJDAiMAsGA1UdDwQEAwIEMDATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG
9w0BAQUFAAOCAQEADStRXlFuxgItMuymCBZxJgeywN4ZJ9PoNjKNA0bZ1OEFjH7l
qpsORfQ8b6sgq4v/LNrW28aOKW3pV4YIWXC582dZT+Htx8FgOWs9BZ/ldm2BjnZB
tEVsNY6h/bAZTe1M8w3/en39fxd08gIvETr7oaVuUEJzbfkudPci0xCg5dqoBBiW
JiPZxwSKFnfJens3iFrnahJRbf0LkzRiJAXzu0XYBUTrmThQZHHGKfkMu94jFuJq
/l/TCKZD/C8FuCGQDIXZp5Zg0KnVDGs+VZGILXd3TRmScmmnNzls/9WcTMXY2yEx
gGRwjroaiXOk+lZU2jgdHFSuU6aIUFLxeoIiig==
-----END CERTIFICATE-----
subject=/CN=BLRM188.HPCCLUSTER
issuer=/CN=BLRM188.HPCCLUSTER
---
*No client certificate CA names sent*
---
SSL handshake has read 900 bytes and written 468 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA

    Session-ID: 
330D000009CCCB40AA1822EB1CF8140E2A32483C00DCD1806FC91708EE13A090

    Session-ID-ctx:

    Master-Key: 
0E2E19A17AA16276EF4C61F96B000F0CCD8D78C04208B50D194D3EF38E1D958D042528969F65C1A45CE1A8DC095ACBB5

    Key-Arg   : None
    Krb5 Principal: None
    Start Time: 1216988971
    Timeout   : 300 (sec)
   * Verify return code: 21 (unable to verify the first certificate)
*

Please send your comments /suggestions on the error messages highlighted 
here.



Thank you,
Sachin P B




--
Loren M. Lang
[EMAIL PROTECTED]
http://www.north-winds.org/


Public Key: ftp://ftp.north-winds.org/pub/lorenl_pubkey.asc
Fingerprint: 10A0 7AE2 DAF5 4780 888A  3FA4 DCEE BB39 7654 DE5B




Attachment:
signature.asc

Description: OpenPGP digital signature






















					Reply via email to