Your server certificate isn't getting verified against the client's trust
store (myca.pem). This could be the case where the CA that signed the server
cert isn't present in the client's trust store. You can use OpenSSL's verify
command to check why this is happening.

-Sandeep

On Thu, Apr 29, 2010 at 1:23 AM, sara bai <sara....@gmail.com> wrote:

>
> hi:
> Actually I got some errors when connecting to the SSL server this way. I've created
> a self-signed certificate
>
> # openssl s_client -ssl3 -connect 127.0.0.1:9999 -verify 10 -showcerts
> -cert /home/myCA/certs/client.pem -key /home/myCA/private/client.pem -CAfile
> /home/myCA/certs/myca.pem -msg -debug
>
>
> >> verify error:num=20:unable to get local issuer certificate
>
>      verify error:num=27:certificate not trusted
>      verify error:num=21:unable to verify the first certificate
>
>      No client certificate CA names sent
> >> Verify return code: 21 (unable to verify the first certificate)
>
>
> I have no idea how to send client certificate CA names ...
>
>
> 2010/4/29 Vladimir Belov <ml.vladimbe...@gmail.com>
>
>
>> I think there is no such file yet. I could be mistaken.
>>
>> For what do you need this file? Do you want to know how to create a
>> self-signed test certificate or something else?
>>
>>
>>>
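
The `openssl verify` check suggested at the top of this thread can be reproduced offline. The script below is an added example, not part of the original messages: it builds two throwaway CAs and a server certificate signed by the one that is missing from the trust store, then verifies the certificate against each CA file. All names, subjects and paths are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: every key, certificate and path below is throwaway.

make_ca() {     # $1 = file prefix, $2 = subject CN; writes $1.key and $1.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

make_leaf() {   # $1 = leaf prefix, $2 = prefix of the CA that signs it
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

build_demo() {  # $1 = empty directory to populate
    make_ca "$1/myca" "Demo CA in trust store" &&
    make_ca "$1/otherca" "Demo CA that signed the server" &&
    make_leaf "$1/server" "$1/otherca"
}

check_trust() { # $1 = CA file used as trust store, $2 = certificate to check
    # Prints OpenSSL's diagnosis (stderr folded in so the error number shows).
    openssl verify -CAfile "$1" "$2" 2>&1
}

demo_dir=$(mktemp -d) && build_demo "$demo_dir" && {
    echo "--- server.pem against myca.pem (issuer missing from store) ---"
    check_trust "$demo_dir/myca.pem" "$demo_dir/server.pem" || true
    echo "--- server.pem against otherca.pem (issuing CA) ---"
    check_trust "$demo_dir/otherca.pem" "$demo_dir/server.pem" || true
    echo "--- compare issuer of server cert with subject of the CA file ---"
    openssl x509 -in "$demo_dir/server.pem" -noout -subject -issuer
    openssl x509 -in "$demo_dir/myca.pem" -noout -subject
}
rm -rf "$demo_dir"
```

The first check reports error 20 (unable to get local issuer certificate), the same error shown in the `s_client` output above; the issuer/subject comparison shows which CA certificate the trust store would need to contain.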
