Hi Joshua,
Can you say what concrete root CA I must add to my file
trusted_root_certs_of_CAs.pem? What serial number?
I see in many browsers(FireFox, Opera, IE) the certificate's chain consists of
only 3 certificates:
1) VeriSign Class 3 Public Primary Certification Authority – G5
2) VeriSign Class 3 Extended Validation SSL SGC CA
3) www.verisign.com
The first and the second are in my CAfile, the third is the certificate of
domen www.verisign.com.
The "VeriSign Class 3 Public Primary Certification Authority – G5" is a self signed root certificate. It is on the top
of chain. What else root CA should I add?
Regards,
Vladimir.
--------------------------------------------------
From: Joshua Bowman
Sent: Tuesday, June 05, 2012 8:48 AM
To: openssl-users@openssl.org
Subject: Re: Verify return code: 20 (unable to get local issuer certificate)
for www.verisign.com
Hi Vladimir,
Use the actual root CA instead (i:/C=US/O=VeriSign, Inc./OU=Class 3 Public
Primary Certification
Authority) and you'll see it works. You can save it with a web browser, the
-showcerts options,
or it is also be bundled as a root cert in all modern OSes. The others aren't
the root cert so
they don't work.
Joshua Bowman
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
