[pubcookie-users] keyclient reports "self signed certificate in
certificate chain"
Sacha Michel Mallais
sacha at global-village.net
Fri Mar 30 10:08:23 PDT 2007
Hi all,
I'm a PubCookie newbie, so please be gentle... :-)
I'm trying to set up a PubCookie Apache module to connect to an
existing PubCookie server, but I'm having problems getting the
keyclient working with my cert. I've got a signed cert from Thawte
and their root CA, both referenced from the config file. When I
run ./keyclient (as root), I get this:
# ./keyclient
verify error:num=19:self signed certificate in certificate chain
6757:error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed:s3_clnt.c:844:
But when I test the validity of the cert, it comes back OK:
# openssl verify -CAfile ca-bundle.crt site.crt
site.crt: OK
I've also tested that my cert and key file match:
# openssl x509 -noout -modulus -in site.crt | openssl md5
7376ff2cc099727883a4bdb733e6e628
# openssl rsa -noout -modulus -in site.key | openssl md5
7376ff2cc099727883a4bdb733e6e628
Does anyone have any idea what might be happening?
sacha
--
Sacha Michel Mallais Senior Developer / President
Global Village Consulting Inc. http://www.global-village.net/
PGP Key ID: 7D757B65 AIM: smallais
"Good people do not need laws to tell them to act responsibly,
while bad people will find a way around the laws." -- Plato
More information about the pubcookie-users
mailing list