Openssl Help



Elliot
8th January 2011, 03:20 PM
Hi All,

Really hoping you can help me. I am trying to get openssl to verify a certificate.

I will walk you through what I have done so far.

1. openssl genrsa -des3 -out connect.mydomain.com.key 2048
2. openssl req -new -key connect.mydomain.com.key -out connect.mydomain.com.csr
3. Bought an SSL from GoDaddy.
4. Submitted my CSR
5. Downloaded sf_bundle.crt (CA File I presume)
6. Downloaded connect.mydomain.com.crt

Now I can do the following:

[root@server tls]# openssl verify -CAfile sf_bundle.crt connect.mydomain.com.crt
connect.mydomain.com.crt: OK

This is specifying the CAfile.

If I do:

[root@server tls]# openssl verify connect.mydomain.com.crt
connect.mydomain.com.crt: /O=connect.mydomain.com/OU=Domain Control Validated/CN=connect.mydomain.com
error 20 at 0 depth lookup:unable to get local issuer certificate

So for some reason the CA file is not working. I have no idea where it goes, I have tried moving it around all sorts of directories.

In a word, I am stuck.

Anyone any ideas?

Elliot
9th January 2011, 01:23 PM
Just giving this a bump..

unixrobot
9th January 2011, 02:45 PM
error 20 at 0 depth lookup:unable to get local issuer certificate

means that it can't find the CA that signed connect.mydomain.com.crt. The error is mentioned here: http://www.openssl.org/docs/apps/verify.html

Here is a small howto which should help you: http://www.herongyang.com/crypto/openssl_verify_2.html
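
An added example, not part of the thread: a shell script that reproduces the error 20 from the question with a throwaway CA, then shows where `openssl verify` looks for the issuer when no `-CAfile` is given (a directory of certificates named by subject hash). The CA and leaf names, file names and helper functions are constructed for the demo; `SSL_CERT_DIR` is used so the system store is not modified.

```shell
#!/bin/sh
# Added example: throwaway CA and leaf; every name and path here is constructed.

make_demo_pki() {   # $1 = work directory
    d=$1; mkdir -p "$d/certs"
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\n[dn]\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$d/demo.cnf"
    # Self-signed demo root CA.
    openssl req -x509 -config "$d/demo.cnf" -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Demo Root CA" -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    # Leaf key and CSR (no passphrase here), then signed by the demo CA.
    openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=leaf.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null
}

verify_status() {   # runs "openssl verify <args>"; prints OK, ERR20 or OTHER
    out=$(openssl verify "$@" 2>&1) || true
    case "$out" in
        *"error 20 "*) echo ERR20 ;;   # unable to get local issuer certificate
        *": OK"*)      echo OK ;;
        *)             echo OTHER ;;
    esac
}

install_ca() {      # $1 = CA certificate, $2 = CA directory
    # A CA directory is searched by file name <subject-hash>.0, not by content.
    h=$(openssl x509 -noout -hash -in "$1")
    cp "$1" "$2/$h.0"
}

demo() {
    w=$(mktemp -d) && make_demo_pki "$w"
    echo "default store:         $(openssl version -d)"
    echo "no CA given:           $(verify_status "$w/leaf.crt")"
    echo "-CAfile ca.crt:        $(verify_status -CAfile "$w/ca.crt" "$w/leaf.crt")"
    install_ca "$w/ca.crt" "$w/certs"
    echo "-CApath certs:         $(verify_status -CApath "$w/certs" "$w/leaf.crt")"
    # SSL_CERT_DIR replaces the default directory for this one call only.
    echo "SSL_CERT_DIR, no flag: $(export SSL_CERT_DIR="$w/certs"; verify_status "$w/leaf.crt")"
    rm -rf "$w"
}
demo
```

In a hashed directory each file holds one certificate, so a multi-certificate bundle such as the `sf_bundle.crt` from the question has to be split into separate files before hashing. `c_rehash` (or `openssl rehash` on newer releases) creates the hash names for a whole directory.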