I'm trying to access a secured page via ssl with a client side certificate and receive the "verify error:num=19:self signed certificate in certificate chain" message when I try to validate the certificate from the client using a standard openssl s_client command. (I've provided the syntax used and the output below.) My goal is to use the LWP libs along with the Crypt::SSLeay to access the secured page, but apparently my client verification is not succeeding as indicated when the s_client command is invoked. The platform used is HPUX 10.2 with OpenSSL version 0.9.6d. I have tried other release with similar results. I can validate the client certificate against the CA and that appears to work fine, so could someone tell me why this is failing and what might be suggested to alleviate the problem.
As always, thanks for the help. s_client command and output: openssl s_client -connect memberplusone.deluxe.com:443 -cert cert.pem -key key.pem -state CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:SSLv3 read server hello A depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority verify error:num=19:self signed certificate in certificate chain verify return:0 SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server certificate request A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client certificate A SSL_connect:SSLv3 write client key exchange A SSL_connect:SSLv3 write certificate verify A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL3 alert read:fatal:certificate unknown SSL_connect:failed in SSLv3 read finished A 5408:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1031:SSL alert number 46 5408:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226: ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
