Question about X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN for a cert chain including the root cert

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi there,

I have a question about certificate chain checkin when the chain includes a root certificate.

The server I want to connect to with openssl s_client (Version 0.9.8zc) sends this certificate chain:

0 s:Server's cert
 i:Intermediate cert
1 s:Intermediate cert
 i:Root 1 cert
2 s:Root 1 cert
 i: Root 2 cert
3 s:Root 2 cert
 i:Root 2 cert

If my CA file includes the self signed Root 1 cert, but not the "Root 2 cert" I get "Verify return code: 19 (self signed certificate in certificate chain)"
If I add the Root 2 cert to the CA file everything is fine.
If I try openssl verify on the Server's cert with a CA file including Intermediate cert and self-signed Root 1 cert, but not Root 2 cert, verify reports OK.

My view was that the Root 1 cert in the CA file should verify the chain. Obviously it does not, but why? Are two certificates with the same subject but different issuer considered different? Or is this an issue with my ancient openssl version?

Kind regards
Ted

--
PGP Public Key Information
Key ID = 7AFB8D26
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux