Date: Wed, 13 May 2015 11:37:49 -0700 From: Charles Swiger <cswiger@mac.com> To: Ernie Luzar <luzar722@gmail.com> Cc: FreeBSD - <freebsd-questions@freebsd.org> Subject: Re: Self signed certificate being flagged as a error. Message-ID: <9B2A442E-E176-4E6B-BD52-CC8393C5D35E@mac.com> In-Reply-To: <5552A28F.8090605@gmail.com> References: <5552A28F.8090605@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On May 12, 2015, at 6:02 PM, Ernie Luzar <luzar722@gmail.com> wrote: [ ... ] > Then I did this command using the certificate outputted by the above = openssl verify cacert.pem >=20 > cacert.pem: C =3DUS, ST =3D PA, L =3D Pittsburgh, CN =3D = *.powerman.com > error 18 at 0 depth lookup:self signed certificate > ok >=20 > Why does openssl think this is a error and how can I fix this so it = will work? It means that your CA isn't trusted by openssl. Update your openssl.cnf to reference your local CA setup, or feed = openssl the -CApath / -CAfile arguments to the CA cert which signed the self-signed = cert that you are trying to validate. One doesn't normally validate the CA cert itself; it's the root of the = trust chain and either it is trusted explicitly or it isn't. One normally validates = certs which have been signed by a CA; the CA cert should never be used for anything = except signing other certs. Regards, --=20 -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9B2A442E-E176-4E6B-BD52-CC8393C5D35E>