Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Error 20 at 0 depth lookup:unable to get local issuer certificate
1,112 views
Skip to first unread message
Vinay Kumar L
Dec 14, 2010, 1:30:15 AM12/14/10
to
Hi all,
I have generated certificate chain using Openssl(OpenSSL 0.9.8e). The certificate hierarchy is as follows:
ca.pem ---->cert1.pem---->cert2.pem----->last.pem
Openssl doesn't give any error when verifying these certificate chain(Certificate chain verification is successful) during TLS connection establishment(Connection establishment is successful) but when verified using Openssl command openssl verify gives following error:
# openssl verify -CAfile ca.pem -untrusted cert1.pem cert2.pem last.pem
cert2.pem: OK
last.pem: /C=IN/O=Xyz/OU=CableLabs Key Distribution Center/CN=kdc.xyz.com
error 20 at 0 depth lookup:unable to get local issuer certificate
The Subject and Issuer names in certificates are correct. Please let me know the cause of error and changes required in the certificate hierarchy.
Regards,
Vinay
I have generated certificate chain using Openssl(OpenSSL 0.9.8e). The certificate hierarchy is as follows:
ca.pem ---->cert1.pem---->cert2.pem----->last.pem
Openssl doesn't give any error when verifying these certificate chain(Certificate chain verification is successful) during TLS connection establishment(Connection establishment is successful) but when verified using Openssl command openssl verify gives following error:
# openssl verify -CAfile ca.pem -untrusted cert1.pem cert2.pem last.pem
cert2.pem: OK
last.pem: /C=IN/O=Xyz/OU=CableLabs Key Distribution Center/CN=kdc.xyz.com
error 20 at 0 depth lookup:unable to get local issuer certificate
The Subject and Issuer names in certificates are correct. Please let me know the cause of error and changes required in the certificate hierarchy.
Regards,
Vinay
sandeep kiran p
Dec 14, 2010, 10:09:07 AM12/14/10
to
The -untrusted argument to verify command takes a single file containing multiple certificates concatenated together. Try adding cert1.pem and cert2.pem into a single file and check again.
Thanks,
Sandeep
Vinay Kumar L
Dec 15, 2010, 12:45:23 AM12/15/10
to
Thank you. It worked fine after concatenating cert1.pem and cert2.pem
into single file.
Regards,
Vinay
Regards,
Vinay
0 new messages