Jks converted to Pem error in veirfying

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On 10/01/16 05:15, Anil Mathew wrote:
> I am a novice in terms of ssl and hence have limited knowledge in this.
> Please help
>
> I have been a given a jks file that has server certificate, client
> certificate and a key for the client certificate.  I need to convert it to
> pem to use it in my application.
>
> I have converted a jks file to p12 and then to pem.
> However when i try to verify i get the following error.
>
> echo |openssl verify -verbose -purpose sslclient -issuer_checks -CApath
> C:\Data\Openssl\demoCA\certs -CAfile client.pem client.pem
> client.pem: /CN=cn/O=o/L=L/ST=il/C= c
> error 29 at 0 depth lookup:subject issuer mismatch
> /CN=cn/O=o/L=L/ST=il/C= c
> error 29 at 0 depth lookup:subject issuer mismatch
> /CN=cn/O=o/L=L/ST=il/C= c
> error 29 at 0 depth lookup:subject issuer mismatch
> /CN=cn/O=o/L=L/ST=il/C= c
> error 29 at 0 depth lookup:subject issuer mismatch
> /CN=cn/O=o/L=L/ST=il/C= c
> error 20 at 0 depth lookup:unable to get local issuer certificate

this could be a PRINTABLE_STRING  / UTF8_STRING mismatch - can you send 
me the certificates (not the key!) via private email and I will have a 
look. There are some funky options you can add to openssl to see how the 
certificate is composed.

Also, it would help to list the exact version of openssl that you are 
using (run 'openssl version').

HTH,

JJK

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160111/8e97a82e/attachment.html>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux