[Juser] Re: Maddening with SSL certificates
Jonathan Siegle
jsiegle at psu.edu
Wed May 9 07:11:30 CDT 2007
Noiano said the following on 5/8/07 5:54 PM:
> > Try doing:
>> $ openssl version -d
>> OPENSSLDIR: "/usr/lib/ssl"
>> $ ls -lt /usr/lib/ssl
>> total 8
>> lrwxrwxrwx 1 root root 14 2007-03-19 08:56 certs -> /etc/ssl/certs
>> drwxr-xr-x 2 root root 4096 2007-03-19 08:56 misc
>> lrwxrwxrwx 1 root root 20 2007-03-19 08:56 openssl.cnf ->
>> /etc/ssl/openssl.cnf
>> lrwxrwxrwx 1 root root 16 2007-03-19 08:56 private -> /etc/ssl/private
>> drwxr-xr-x 2 root root 4096 2007-03-16 13:27 engines
>>
>> Look at where certs points. If it is pointing to /etc/ssl/certs, verify
>> that the hash was made for the certificate. If no hash was made, look
>> for problems with that.
>>
>> -Jonathan
>>
> The certificate is correctly hashed as long as I can see
>> Starcom.pem => cb796bc1.0
>
> But I still get the error
>
>> Verify return code: 19 (self signed certificate in certificate chain)
>
> Need some more help please!
>
> Thanks for your patience!
>
Thanks for your patience too. Turns out that openssl s_client does not
have a default CApath. I don't see an environment variable you can set
either. There are variables you can set for openssl verify, but that is
not the issue. So for openssl s_client , you must type:
$ openssl s_client -connect jabber.org:5223 -CApath /etc/ssl/certs/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3319 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/juser/attachments/20070509/1fdbf4b2/smime.bin
More information about the JUser
mailing list