Hi, I have written an application for connecting to AzureIOT hub using AMQP protocol. When i run the application it fails because of SSL issue stating *14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.*
Any help would be appreciate.. Below are the details for the OS Yocto linux Kernel 4.4.19-gdb0b54cdad Info: IoT Hub SDK for C, version 1.1.19 i am not sure why this issue is appearing, it looks like an openssl issue. But i do have the openssl certificates in the below location, "/etc/ssl/certs/ca-certificates.crt" Following are the more information using openssl, -sh-3.2# openssl version -d OPENSSLDIR: "/usr/lib/ssl" But the actual certificates are located under /etc/ssl/ folder, so i copied all the certificates under /usr/lib/ssl folder but still there was no luck with this. OPENSSL version 1.0.2h is currently installed. CONNECTED(00000004) depth=1 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, OU = Microsoft IT, CN = Microsoft IT SSL SHA2 verify error:num=20:unable to get local issuer certificate --- Certificate chain 0 s:/CN=*.azure-devices.net i:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2 1 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2 i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root --- Server certificate -----BEGIN CERTIFICATE----- Certificate displayed here properly -----END CERTIFICATE----- subject=/CN=*.azure-devices.net issuer=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2 --- No client certificate CA names sent Client Certificate Types: RSA sign, DSA sign, ECDSA sign Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SH A256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1 Shared Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SH A256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1 Peer signing digest: SHA1 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3692 bytes and written 485 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA256 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES128-SHA256 Session-ID: DA000000F6835606D8F94D7184BE980E23C55D49D08BA33A8A5709A2C476 3848 Session-ID-ctx: Master-Key: EE1BEBA238F3B31AB83419452937BEB989E8A0BEB018E5D77B1148903BA3 5905D86DDF43F2745F593EE73AF0481F6819 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1502367353 Timeout : 300 (sec) Verify return code: 20 (unable to get local issuer certificate) --- Thanks, Amiya.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users