On Tue, Apr 24, 2012 at 11:54:48AM -0700, John Fischer wrote: > On 04/24/12 11:38 AM, [email protected] wrote: > >openssl s_client -CApath /etc/certs/CA -connect 192.168.100.10:4321 > depth=0 C = US, ST = California, L = PV, O = Oracle, OU = Solaris > Install, CN = > 192.168.100.10 > verify error:num=20:unable to get local issuer certificate > verify return:1 > depth=0 C = US, ST = California, L = PV, O = Oracle, OU = Solaris > Install, CN = > 192.168.100.10 > verify error:num=27:certificate not trusted > verify return:1 > depth=0 C = US, ST = California, L = PV, O = Oracle, OU = Solaris > Install, CN = > 192.168.100.10 > verify error:num=21:unable to verify the first certificate > verify return:1 > CONNECTED(00000004) > --- > Certificate chain > 0 s:/C=US/ST=California/L=PV/O=Oracle/OU=Solaris Install/CN=192.168.100.10 > i:/C=US/ST=California/L=PV/O=Oracle/OU=Solaris Install/CN=CA
It looks like you only have one certificate in your chain. IIUC, you also need to send the certificate of the authority that signed the cert. If you use a similar technique on ipkg internally, you can see that it sends the level 0 certificate, along with two others that are needed to verify the keys in the chain. HTH, -K _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
