[Juser] Re: Maddening with SSL certificates
jsiegle at psu.edu
Wed May 9 07:11:30 CDT 2007
Noiano said the following on 5/8/07 5:54 PM:
> > Try doing:
>> $ openssl version -d
>> OPENSSLDIR: "/usr/lib/ssl"
>> $ ls -lt /usr/lib/ssl
>> total 8
>> lrwxrwxrwx 1 root root 14 2007-03-19 08:56 certs -> /etc/ssl/certs
>> drwxr-xr-x 2 root root 4096 2007-03-19 08:56 misc
>> lrwxrwxrwx 1 root root 20 2007-03-19 08:56 openssl.cnf ->
>> lrwxrwxrwx 1 root root 16 2007-03-19 08:56 private -> /etc/ssl/private
>> drwxr-xr-x 2 root root 4096 2007-03-16 13:27 engines
>> Look at where certs points. If it is pointing to /etc/ssl/certs, verify
>> that the hash was made for the certificate. If no hash was made, look
>> for problems with that.
> The certificate is correctly hashed as long as I can see
>> Starcom.pem => cb796bc1.0
> But I still get the error
>> Verify return code: 19 (self signed certificate in certificate chain)
> Need some more help please!
> Thanks for your patience!
Thanks for your patience too. Turns out that openssl s_client does not
have a default CApath. I don't see an environment variable you can set
either. There are variables you can set for openssl verify, but that is
not the issue. So for openssl s_client , you must type:
$ openssl s_client -connect jabber.org:5223 -CApath /etc/ssl/certs/
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3319 bytes
Desc: S/MIME Cryptographic Signature
More information about the JUser