Dear Folks,
I am seeing the errors below during certificate validation. I am not sure
what is wrong with the certificate.
error:num=20:unable to get local issuer certificate
verify error:num=27:certificate not trusted
verify error:num=21:unable to verify the first certificate
Here is the output of openssl s_client:
root@11437000026:/usr/bin# openssl s_client -connect 10.204.4.69:7003
WARNING: can't open config file: /usr/ssl/openssl.cnf
CONNECTED(00000003)
depth=0 C = IN, ST = Karnataka, L = Bangalore, O = Airvana, CN = 10.204.4.69
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = IN, ST = Karnataka, L = Bangalore, O = Airvana, CN = 10.204.4.69
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = IN, ST = Karnataka, L = Bangalore, O = Airvana, CN = 10.204.4.69
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=IN/ST=Karnataka/L=Bangalore/O=Airvana/CN=10.204.4.69
i:/C=IN/ST=Karnataka/L=Bangalore/O=Airvana/CN=Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICXDCCAcWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJJTjES
MBAGA1UECBMJS2FybmF0YWthMRIwEAYDVQQHEwlCYW5nYWxvcmUxEDAOBgNVBAoT
-----END CERTIFICATE-----
subject=/C=IN/ST=Karnataka/L=Bangalore/O=Airvana/CN=10.204.4.69
issuer=/C=IN/ST=Karnataka/L=Bangalore/O=Airvana/CN=Root CA
---
No client certificate CA names sent
---
SSL handshake has read 770 bytes and written 408 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES128-SHA
Session-ID:
CA45FE6316F318B9D854C509DA9E5A900E528514360E1206F1BD3C96A304B26B
Session-ID-ctx:
Master-Key:
2732D99F3A8752A9974800E81371BCA63AD5793AB7602F9CC2B3714FB0524317B888843D1D820CBEA28CD1B1D552E89C
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1326850926
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
My setup looks like this.
E.g. the certificate chain would be ROOT -----> Server (I keep ROOT at the
CLIENT and the Server cert at the SERVER). Am I right?
[root@squidpc TEST]# openssl x509 -in root.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=IN, ST=Karnataka, L=Bangalore, O=Airvana, CN=Root CA
Validity
Not Before: Dec 21 05:49:21 2011 GMT
Not After : Jan 20 05:49:21 2012 GMT
Subject: C=IN, ST=Karnataka, L=Bangalore, O=Airvana, CN=Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:d6:98:6d:ca:df:4d:47:4a:2c:24:da:ee:2c:e1:
5f:42:fd:cc:b6:eb:fd:68:9d:9e:f3:0e:2e:39:95:
26:c2:e3:b0:60:6a:51:f9:25:2f:a6:9a:97:db:1a:
af:23:3b:0f:a3:1a:53:f7:e3:f8:e9:57:ec:05:7b:
38:70:b3:2d:5c:82:aa:ed:06:ea:d7:00:9e:9d:ec:
aa:8b:81:60:bb:52:30:5e:c8:9c:bf:79:eb:ac:ad:
7a:9d:e8:b2:13:ae:04:27:c5:16:4a:51:81:02:a0:
e5:12:70:c2:64:8d:c5:da:88:8b:eb:3c:f4:89:b9:
2f:56:0c:dd:46:f7:2a:2d:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:TRUE
[root@squidpc TEST]# openssl x509 -in server.pem -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=IN, ST=Karnataka, L=Bangalore, O=Airvana, CN=Root CA
Validity
Not Before: Dec 21 05:49:54 2011 GMT
Not After : Jan 20 05:49:54 2012 GMT
Subject: C=IN, ST=Karnataka, L=Bangalore, O=Airvana, CN=10.204.4.69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:d8:97:58:a3:f2:86:35:ba:d9:d0:7d:b9:7e:95:
32:e5:bd:3a:e9:24:5e:f0:14:6d:23:ad:c5:07:bb:
72:63:86:b7:4f:aa:24:38:c7:8c:fd:7c:2e:6b:d8:
ad:97:35:32:10:0b:a6:ba:25:53:70:8a:72:2c:08:
a2:32:fc:a7:96:7c:a6:eb:d4:02:7b:95:56:69:68:
95:90:ea:c6:d9:e7:0f:90:22:be:79:14:71:dd:58:
b7:d3:c7:9f:dc:3b:46:17:59:9f:aa:6a:c8:7d:b9:
59:0e:ee:89:5e:5a:a6:3e:6f:4d:22:e3:79:c5:94:
75:5e:59:8b:c7:47:5f:29:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Please let me know what is missing here and why I am getting the above error.
Best regards,
S S Rout
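
Added example (not part of the original message): the s_client command above was run without -CAfile or -CApath, and error 20 is what OpenSSL reports when it cannot find a certificate's issuer in its local trust store. The script below builds a throwaway root and server certificate with the same subject names and verifies the server certificate with and without the root as trust anchor. The key size, file names and temporary directory are assumptions made for the example.

```shell
#!/bin/sh
# Constructed reproduction: a throwaway two-level chain (Root CA -> server)
# using the subject names from the post. Nothing here touches a network.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_chain() {
    # Self-signed root: this is the trust anchor the CLIENT must hold.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/C=IN/ST=Karnataka/L=Bangalore/O=Airvana/CN=Root CA" \
        -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
    # Server key and CSR, then a certificate signed by the root.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/C=IN/ST=Karnataka/L=Bangalore/O=Airvana/CN=10.204.4.69" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/server.csr" -days 30 \
        -CA "$WORK/root.pem" -CAkey "$WORK/root.key" -CAcreateserial \
        -out "$WORK/server.pem" 2>/dev/null
}

# Verification with only the default trust store: the root is unknown there,
# so the issuer lookup at depth 0 fails (error 20).
verify_without_root() {
    openssl verify "$WORK/server.pem" 2>&1 || true
}

# Same certificate, but the verifier is told which root to trust.
verify_with_root() {
    openssl verify -CAfile "$WORK/root.pem" "$WORK/server.pem" 2>&1 || true
}

make_chain
echo "--- no trust anchor supplied ---"
verify_without_root
echo "--- root supplied with -CAfile ---"
verify_with_root
```

openssl s_client accepts the same -CAfile option, so the client side of the setup described in the message can be checked the same way against the live server.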