Hi, On 10/01/16 05:15, Anil Mathew wrote: > I am a novice in terms of ssl and hence have limited knowledge in this. > Please help > > I have been a given a jks file that has server certificate, client > certificate and a key for the client certificate. I need to convert it to > pem to use it in my application. > > I have converted a jks file to p12 and then to pem. > However when i try to verify i get the following error. > > echo |openssl verify -verbose -purpose sslclient -issuer_checks -CApath > C:\Data\Openssl\demoCA\certs -CAfile client.pem client.pem > client.pem: /CN=cn/O=o/L=L/ST=il/C= c > error 29 at 0 depth lookup:subject issuer mismatch > /CN=cn/O=o/L=L/ST=il/C= c > error 29 at 0 depth lookup:subject issuer mismatch > /CN=cn/O=o/L=L/ST=il/C= c > error 29 at 0 depth lookup:subject issuer mismatch > /CN=cn/O=o/L=L/ST=il/C= c > error 29 at 0 depth lookup:subject issuer mismatch > /CN=cn/O=o/L=L/ST=il/C= c > error 20 at 0 depth lookup:unable to get local issuer certificate this could be a PRINTABLE_STRING / UTF8_STRING mismatch - can you send me the certificates (not the key!) via private email and I will have a look. There are some funky options you can add to openssl to see how the certificate is composed. Also, it would help to list the exact version of openssl that you are using (run 'openssl version'). HTH, JJK -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160111/8e97a82e/attachment.html>
