<div class="gmail_quote">2010/10/21 Matus UHLAR - fantomas <span dir="ltr"><<a href="mailto:uhlar@fantomas.sk">uhlar@fantomas.sk</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On 21.10.10 01:40, Peter Viskup wrote:<br>
> Po instalovani certifikatov som sa snazil verifikovat ich validnost, no<br>
> dostavam chybove hlasky:<br>
><br>
> # openssl s_client -CAfile cacert.pem -connect <a href="http://www.firma.sk:443" target="_blank">www.firma.sk:443</a><br>
> CONNECTED(00000003)<br>
> depth=0<br>
> /C=SK/ST=Slovakia/L=Bratislava/O=<a href="http://firma.sk/OU=Webhosting/CN=*.firma.sk" target="_blank">firma.sk/OU=Webhosting/CN=*.firma.sk</a><br>
> verify error:num=20:unable to get local issuer certificate<br>
> verify return:1<br>
> depth=0<br>
> /C=SK/ST=Slovakia/L=Bratislava/O=<a href="http://firma.sk/OU=Webhosting/CN=*.firma.sk" target="_blank">firma.sk/OU=Webhosting/CN=*.firma.sk</a><br>
> verify error:num=27:certificate not trusted<br>
> verify return:1<br>
> depth=0<br>
> /C=SK/ST=Slovakia/L=Bratislava/O=<a href="http://firma.sk/OU=Webhosting/CN=*.firma.sk" target="_blank">firma.sk/OU=Webhosting/CN=*.firma.sk</a><br>
> verify error:num=21:unable to verify the first certificate<br>
> verify return:1<br>
> ---<br>
> Certificate chain<br>
> 0 s:/C=SK/ST=Slovakia/L=Bratislava/O=<a href="http://firma.sk/OU=Webhosting/CN=*.firma.sk" target="_blank">firma.sk/OU=Webhosting/CN=*.firma.sk</a><br>
> i:/C=SK/ST=Slovakia/O=CAfirma.sk/OU=Certification Authority/CN=FIRMA CA<br>
> ---<br>
> <nejake riadky tu><br>
<br>
<br>
</div>nevidim tu poskytnuty podpisany certifikat CAfirma.sk nejakou inou autoritou<br>
ktoru openssl pozna. Takto by musel klient mat nainstalovany jej certifikat<br>
co zrejme nema.<br>
<br>
CAfirma.sk je tvoja vlastna ci externa certifikacna autorita?<br>
--<br>
<font color="#888888">Matus UHLAR - fantomas, <a href="mailto:uhlar@fantomas.sk">uhlar@fantomas.sk</a> ; <a href="http://www.fantomas.sk/" target="_blank">http://www.fantomas.sk/</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br>
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>
Saving Private Ryan...<br>
Private Ryan exists. Overwrite? (Y/N)<br>
_______________________________________________<br>
<a href="https://lists.linux.sk/mailman/listinfo/linux" target="_blank">https://lists.linux.sk/mailman/listinfo/linux</a><br>
Meta FAQ: <a href="http://www.sklug.sk/lists/linux/metafaq.html" target="_blank">http://www.sklug.sk/lists/linux/metafaq.html</a><br>
</font></blockquote></div><br>Je to moja vlastna CA a preto zadavam volbu CAfile, ktorou mu podhadzujem jej certifikat.<br><br>--<br>Peter Viskup<br>