Re: SSL error: self signed certificate in certificate chain

dictum9 · ‎11-13-2014

hp-ux v11.31

Getting the following failure. Looks like the certificate expired? How do I regenerate it and re-install it?

ssl version: 0.9.8

OpenSSL> s_client -showcerts -connect xxx.xxx.xxx.xxx:yyyy
CONNECTED(00000003)
depth=2 /xxxxxxxxxxxxxxxxxxxxxxxx/OU=PKI/CN=DoD Root CA 2
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:102:SSL alert number 42
xxxx:error:xxxxxx:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
OpenSSL> quit

Dennis Handly · ‎11-13-2014

>Looks like the certificate expired?

I would think it would say that in the error message. It may be complaining about the self signed certificate, which needs that certificate in the trusted certificate directory.

dictum9 · ‎11-14-2014

Why would it stop working all of a sudden?

No changes were made.

How do I fix it?

Dennis Handly · ‎11-14-2014

>Why would it stop working all of a sudden?

Do you have a copy of that -showcerts when it last worked? That would tell you when it expired.
Can you get to xxx.xxx.xxx.xxx:yyyy and look at the certificates? Is openssl installed there too?

Has anything changed on that machine?

The s3_pkt.c source is here:

http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=ssl/s3_pkt.c;hb=701134320a94908d8c0ac513741cab41e215a7b5

It could be that the "self signed certificate in certificate chain" is being promoted that that final error.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: SSL error: self signed certificate in certificate chain

SSL error: self signed certificate in certificate chain