thanks, thats what it was!
-Original Message-
From: Mads Toftum [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 3:06 PM
To: [EMAIL PROTECTED]
Subject: Re: verify error:num=21
On Thu, Apr 03, 2003 at 02:52:17PM -0500, Austin Conger (IT) wrote:
> Hi All,
>
> When I submit this command to my Verisign Certificate Secured Site I am getting this
> error.
>
> openssl s_client -connect www.domain.com:443
>
> Its returning these errors:
>
> CONNECTED(0004)
> depth=0 /C=US/ST=michigan/L=some city/O=Company A LLC/OU=Terms of use at
> www.verisign.com/rpa (c)00/CN=www.domain.com
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 /C=US/ST=michigan/L=some city/O=Company A LLC/OU=Terms of use at
> www.verisign.com/rpa (c)00/CN=www.domain.com
> verify error:num=27:certificate not trusted
> verify return:1
> depth=0 /C=US/ST=michigan/L=some city/O=Company A LLC/OU=Terms of use at
> www.verisign.com/rpa (c)00/CN=www.domain.com
> verify error:num=21:unable to verify the first certificate
> verify return:1
> etc
>
> Can anyone identify the reason as to why this is happening?
>
Very simple really - openssl is telling you that it can't verify the
certificate because it does not know the CA that it was issued by.
Nothing strange or unexpected in that. Use one of the following to
enable verification:
-CApath arg - PEM format directory of CA's
-CAfile arg - PEM format file of CA's
By default openssl knows no CA's, so you need to get the CA cert
of the signer and use that.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
