error 20 at 0 depth lookup:unable to get local issuer certificate
Hello,

I have built openldap with openssl support, and when a client tries to connect I got:

TLS certificate verification: depth: 1, err: 19, subject: /C=BE/ST=BELGIUM/L=BRUSSELS/O=CAAMI_CA/OU=CCI/CN=CAAMI_CA/[EMAIL PROTECTED], issuer: /C=BE/ST=BELGIUM/L=BRUSSELS/O=CAAMI_CA/OU=CCI/CN=CAAMI_CA/[EMAIL PROTECTED]
TLS certificate verification: Error, self signed certificate in certificate chain
tls_write: want=7, written=7 : 15 03 01 00 02 02 30 ..0
TLS trace: SSL3 alert write:fatal:unknown CA

Any tips?

Thank you
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
how to create a cacert.pem that is not self signed
Hello,

I am trying to set up my own CA. I used CA.pl -newca, but if I try to verify cacert.pem I have an error: self signed certificate

How do I make a not self signed certificate?

Thank you
Re: cacert.pem selfsigned certificate problem
On Wednesday 24 November 2004 11:44, Dr. Stephen Henson wrote:
> On Wed, Nov 24, 2004, Florin Angelescu wrote:
> > On Tuesday 23 November 2004 16:57, Dr. Stephen Henson wrote:
> > > On Tue, Nov 23, 2004, Florin Angelescu wrote:
> > > > Hello
> > > >
> > > > I am trying to set up an ssl access to ldap following http://www.openldap.org/faq/data/cache/185.html
> > > > I created my CA and signed the certificates for the server and client, but I still get a 'self signed error'.
> > > > I checked and I saw that it was because of cacert.pem, which is self-signed.
> > > >
> > > > Question: how to solve this? (Do I have to sign the CA certificate by another CA? And how?)
> > > >
> > > > Thank you very much
> > >
> > > Firstly I'd suggest you use CA.pl instead of CA.sh which is older.
> > >
> > > What is giving you the error? If it's a client then you'd need to include a command line switch or configuration option telling it to include 'cacert.pem' in its trusted list of CAs.
> > >
> > > Steve.
> > > --
> >
> > Thank you for answering.
> > The error is given by ldapsearch (and ldap.conf sldap.conf are well configured). The error is also reported by openssl:
> > self signed certificate in certification chain (the CA certificate)
>
> The problem is not that you have a self signed CA, it is that the software doesn't trust it.
>
> The configuration or command line options should provide a means of specifying a file or directory containing trusted CAs. You should change them to include 'cacert.pem'.
>
> Steve.

I used CA.pl -newcert. I thought it does everything for me. Here is what I got:

ldap misc # openssl verify demoCA/cacert.pem
demoCA/cacert.pem: /C=BE/ST=BEGLIUM/L=BRUSSELS/O=CAAMI_CA1/OU=CCI/CN=CAAMI_CA1/[EMAIL PROTECTED]
error 18 at 0 depth lookup:self signed certificate
OK
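The point made in the reply above, as an added example that is not part of the original thread: a self-signed CA produces errors 18, 19 and 20 only until it is named as a trust anchor. The script builds a throwaway CA with plain openssl req/x509 rather than CA.pl; the names "Example Test CA" and "ldap.example.test" are constructed.

```shell
#!/bin/sh
# Added example. The CA and host names are constructed, throwaway values.

# Create a self-signed CA and a server certificate signed by it in directory $1.
make_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/cakey.pem" -out "$dir/cacert.pem" >/dev/null 2>&1 &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$dir/server.key" -out "$dir/server.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$dir/server.csr" -days 1 \
        -CA "$dir/cacert.pem" -CAkey "$dir/cakey.pem" -CAcreateserial \
        -out "$dir/server.pem" >/dev/null 2>&1
}

# Run "openssl verify" with the given arguments and print one word:
# the first numeric verify error (18, 19, 20, ...) if any, else "OK".
# The error number is parsed from the output because the post above shows
# "OK" printed even after an error was reported.
verify_result() {
    out=$(openssl verify "$@" 2>&1 || true)
    code=$(printf '%s\n' "$out" |
        sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then
        echo "$code"
    else
        case $out in *": OK"*) echo OK ;; *) echo UNKNOWN ;; esac
    fi
}

demo() {
    d=$(mktemp -d) || return 1
    make_pki "$d" || { rm -rf "$d"; return 1; }
    # No trust anchor given: the self-signed CA itself is rejected (18).
    echo "cacert.pem alone:         $(verify_result "$d/cacert.pem")"
    # Server certificate with no CA available at all (20).
    echo "server.pem alone:         $(verify_result "$d/server.pem")"
    # CA present in the chain but not trusted, as a TLS peer would send it (19).
    echo "server.pem, CA untrusted: $(verify_result -untrusted "$d/cacert.pem" "$d/server.pem")"
    # CA named as a trust anchor: both certificates verify.
    echo "server.pem, -CAfile:      $(verify_result -CAfile "$d/cacert.pem" "$d/server.pem")"
    echo "cacert.pem, -CAfile:      $(verify_result -CAfile "$d/cacert.pem" "$d/cacert.pem")"
    rm -rf "$d"
}

demo
```

For ldapsearch, the same trust anchor is configured with TLS_CACERT in ldap.conf.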
cacert.pem selfsigned certificate problem
Hello

I am trying to set up an ssl access to ldap following http://www.openldap.org/faq/data/cache/185.html
I created my CA and signed the certificates for the server and client, but I still get a 'self signed error'.
I checked and I saw that it was because of cacert.pem, which is self-signed.

Question: how to solve this? (Do I have to sign the CA certificate by another CA? And how?)

Thank you very much
Re: cacert.pem selfsigned certificate problem
On Tuesday 23 November 2004 16:57, Dr. Stephen Henson wrote:
> On Tue, Nov 23, 2004, Florin Angelescu wrote:
> > Hello
> >
> > I am trying to set up an ssl access to ldap following http://www.openldap.org/faq/data/cache/185.html
> > I created my CA and signed the certificates for the server and client, but I still get a 'self signed error'.
> > I checked and I saw that it was because of cacert.pem, which is self-signed.
> >
> > Question: how to solve this? (Do I have to sign the CA certificate by another CA? And how?)
> >
> > Thank you very much
>
> Firstly I'd suggest you use CA.pl instead of CA.sh which is older.
>
> What is giving you the error? If it's a client then you'd need to include a command line switch or configuration option telling it to include 'cacert.pem' in its trusted list of CAs.
>
> Steve.
> --

Thank you for answering.
The error is given by ldapsearch (and ldap.conf sldap.conf are well configured). The error is also reported by openssl:
self signed certificate in certification chain (the CA certificate)