Self signed certificate being flagged as a error.
Charles Swiger
cswiger at mac.com
Wed May 13 18:37:51 UTC 2015
On May 12, 2015, at 6:02 PM, Ernie Luzar <luzar722 at gmail.com> wrote:
[ ... ]
> Then I did this command using the certificate outputted by the above openssl verify cacert.pem
>
> cacert.pem: C =US, ST = PA, L = Pittsburgh, CN = *.powerman.com
> error 18 at 0 depth lookup:self signed certificate
> ok
>
> Why does openssl think this is a error and how can I fix this so it will work?
It means that your CA isn't trusted by openssl.
Update your openssl.cnf to reference your local CA setup, or feed openssl the
-CApath / -CAfile arguments to the CA cert which signed the self-signed cert that
you are trying to validate.
One doesn't normally validate the CA cert itself; it's the root of the trust chain
and either it is trusted explicitly or it isn't. One normally validates certs which
have been signed by a CA; the CA cert should never be used for anything except signing
other certs.
Regards,
--
-Chuck
More information about the freebsd-questions
mailing list