Tuesday 2 December 2014

Fix for "openssl s_client -connect" cert verification errors

For Ubuntu 14.04, the correct syntax is:
openssl s_client -CApath /etc/ssl/certs -connect www.example.com:443

If you miss out the -CApath option, you may get the following errors buried in the output:

verify error:num=19:self signed certificate in certificate chain
Verify return code: 19 (self signed certificate in certificate chain)

Or (depending on how the certificate was set up):

verify error:num=20:unable to get local issuer certificate
Verify return code: 20 (unable to get local issuer certificate)

With the correct CApath, you should be seeing

Verify return code: 0 (ok)

near the bottom of the output.
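
Because the result is buried in the output, and s_client by default carries on with the handshake even when verification fails, a small wrapper can pull the code out and fail on anything other than 0. This is an added example, not part of the original post: the function names and the constructed sample output are assumptions, and -servername is added so that older OpenSSL builds send SNI.

```shell
#!/bin/sh
# Added example: surface the verify result that s_client buries in its output.

# Print the code from the first "Verify return code: N (...)" line on stdin.
# Returns 1 and prints nothing if there is no such line (e.g. connect failed).
verify_code() {
    code=$(sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1)
    [ -n "$code" ] || return 1
    printf '%s\n' "$code"
}

# One-line hint for the codes discussed in the post.
explain_code() {
    case "$1" in
        0)  echo "ok: chain verified against the trust store" ;;
        19) echo "self signed certificate in certificate chain: check -CApath" ;;
        20) echo "unable to get local issuer certificate: check -CApath" ;;
        *)  echo "verification failed with code $1" ;;
    esac
}

# check_host HOST [PORT] [CAPATH]
# Returns 0 only when the verify code is 0, 2 when no result could be read.
check_host() {
    host=$1; port=${2:-443}; capath=${3:-/etc/ssl/certs}
    # </dev/null closes stdin so s_client exits once the handshake is done.
    out=$(openssl s_client -CApath "$capath" -connect "$host:$port" \
              -servername "$host" </dev/null 2>/dev/null) || true
    code=$(printf '%s\n' "$out" | verify_code) || { echo "$host: no verify result" >&2; return 2; }
    echo "$host: $(explain_code "$code")"
    [ "$code" -eq 0 ]
}

# Constructed sample of s_client output (not captured from a real server).
SAMPLE_FAIL='depth=1 C = XX, O = Example CA
verify error:num=20:unable to get local issuer certificate
---
    Verify return code: 20 (unable to get local issuer certificate)
---'

# Offline demonstration on the constructed sample.
explain_code "$(printf '%s\n' "$SAMPLE_FAIL" | verify_code)"
```

Against a live server, call check_host www.example.com 443 and use its exit status in scripts or monitoring checks.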
