Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

unable to get local issuer certificate

0 views

Skip to first unread message

Damitha Bogahawatta

unread,

Jul 17, 2001, 1:01:57 AM7/17/01

I have created CA certificate and private key using `openssl req`
command.

openssl req -new -newkey rsa:512 -md5 -x09 -keyout cakey.pem -out
cacert.pem

Then created server and client certificates and signed them using CA's
private key. But when I use these certificates I am getting three error
messages.

verify error : num20: unable to get local issuer certificate
verify error : num27: certificate not trusted
verify error : num21: unable to verify the first certificate

Could anyone explain me what I am doing wrong.

Thanks,
Damitha.

ps: This was the case when I use the test certificate came with openssl.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Lutz Jaenicke

unread,

Jul 17, 2001, 6:35:54 AM7/17/01

On Tue, Jul 17, 2001 at 02:45:57PM +1000, Damitha Bogahawatta wrote:
> openssl req -new -newkey rsa:512 -md5 -x09 -keyout cakey.pem -out
> cacert.pem
>
> Then created server and client certificates and signed them using CA's
> private key. But when I use these certificates I am getting three error
> messages.
>
> verify error : num20: unable to get local issuer certificate
> verify error : num27: certificate not trusted
> verify error : num21: unable to verify the first certificate

man verify. The first error is the most important. Your CA certificate is
not available in the trusted CA store.
Lutz
--
Lutz Jaenicke Lutz.J...@aet.TU-Cottbus.DE
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153

0 new messages