[linux] Problem s verifikaciou openssl certifikatov
Peter Viskup
skupko.sk na gmail.com
Čtvrtek Říjen 21 10:52:51 CEST 2010
2010/10/21 Matus UHLAR - fantomas <uhlar at fantomas.sk>
> On 21.10.10 01:40, Peter Viskup wrote:
> > Po instalovani certifikatov som sa snazil verifikovat ich validnost, no
> > dostavam chybove hlasky:
> >
> > # openssl s_client -CAfile cacert.pem -connect www.firma.sk:443
> > CONNECTED(00000003)
> > depth=0
> > /C=SK/ST=Slovakia/L=Bratislava/O=firma.sk/OU=Webhosting/CN=*.firma.sk
> > verify error:num=20:unable to get local issuer certificate
> > verify return:1
> > depth=0
> > /C=SK/ST=Slovakia/L=Bratislava/O=firma.sk/OU=Webhosting/CN=*.firma.sk
> > verify error:num=27:certificate not trusted
> > verify return:1
> > depth=0
> > /C=SK/ST=Slovakia/L=Bratislava/O=firma.sk/OU=Webhosting/CN=*.firma.sk
> > verify error:num=21:unable to verify the first certificate
> > verify return:1
> > ---
> > Certificate chain
> > 0 s:/C=SK/ST=Slovakia/L=Bratislava/O=
> firma.sk/OU=Webhosting/CN=*.firma.sk
> > i:/C=SK/ST=Slovakia/O=CAfirma.sk/OU=Certification Authority/CN=FIRMA
> CA
> > ---
> > <nejake riadky tu>
>
>
> nevidim tu poskytnuty podpisany certifikat CAfirma.sk nejakou inou
> autoritou
> ktoru openssl pozna. Takto by musel klient mat nainstalovany jej certifikat
> co zrejme nema.
>
> CAfirma.sk je tvoja vlastna ci externa certifikacna autorita?
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Saving Private Ryan...
> Private Ryan exists. Overwrite? (Y/N)
> _______________________________________________
> https://lists.linux.sk/mailman/listinfo/linux
> Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html
>
Je to moja vlastna CA a preto zadavam volbu CAfile, ktorou mu podhadzujem
jej certifikat.
--
Peter Viskup
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linux.sk/pipermail/linux/attachments/20101021/e7840cff/attachment-0001.html>
Další informace o konferenci linux