
SSL error: self signed certificate in certificate chain

dictum9
Super Advisor

hp-ux v11.31

 

Getting the following failure. Looks like the certificate expired?  How do I regenerate it and re-install it?

ssl version:  0.9.8


OpenSSL>  s_client -showcerts -connect xxx.xxx.xxx.xxx:yyyy
CONNECTED(00000003)
depth=2 /xxxxxxxxxxxxxxxxxxxxxxxx/OU=PKI/CN=DoD Root CA 2
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:102:SSL alert number 42
xxxx:error:xxxxxx:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
OpenSSL> quit

 

3 REPLIES
Dennis Handly
Acclaimed Contributor

Re: SSL error: self signed certificate in certificate chain

>Looks like the certificate expired?

 

I would think it would say that in the error message.  It may be complaining about the self signed certificate, which needs that certificate in the trusted certificate directory.

dictum9
Super Advisor

Re: SSL error: self signed certificate in certificate chain

Why would it stop working all of a sudden?

 

No changes were made.

 

How do I fix it?

 

 

Dennis Handly
Acclaimed Contributor

Re: SSL error: self signed certificate in certificate chain

>Why would it stop working all of a sudden?

 

Do you have a copy of that -showcerts when it last worked?  That would tell you when it expired.
Can you get to xxx.xxx.xxx.xxx:yyyy and look at the certificates?  Is openssl installed there too?

Has anything changed on that machine?

 

The s3_pkt.c source is here:

http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=ssl/s3_pkt.c;hb=701134320a94908d8c0ac513741cab41e215a7b5

 

It could be that the "self signed certificate in certificate chain" is being promoted to that final error.
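
As an added example (not part of the original thread or any poster's code), this shell function sorts `s_client` output into validity problems (expired or not yet valid) and trust problems (root or issuer missing from the local trust store), and reports any TLS alert the peer sent. The names `diagnose_sclient` and `sample_session` and the sample session itself are constructed for illustration.

```shell
# Added example: classify `openssl s_client` output read from stdin.
# diagnose_sclient and sample_session are names made up for this example.
diagnose_sclient() {
  awk '
    # A "depth=N <subject>" line names the certificate that the next
    # "verify error" line refers to.
    /^depth=/ {
      depth = substr($1, 7)
      subject = $0
      sub(/^depth=[0-9]+ */, "", subject)
      next
    }
    /^verify error:num=/ {
      split($0, f, /[=:]/)              # f[3] holds the X509_V_ERR_* number
      num = f[3] + 0
      if (num == 9 || num == 10)        # not yet valid / has expired
        class = "validity"
      else if (num >= 18 && num <= 21)  # self-signed or issuer not trusted locally
        class = "trust"
      else
        class = "other"
      printf "verify depth=%s num=%d class=%s subject=%s\n", depth, num, class, subject
      next
    }
    # "SSL alert number N" is logged when a fatal alert arrives from the peer.
    match($0, /SSL alert number [0-9]+/) {
      n = substr($0, RSTART + 17, RLENGTH - 17) + 0
      name = "other"
      if (n == 42) name = "bad_certificate"
      else if (n == 45) name = "certificate_expired"
      else if (n == 48) name = "unknown_ca"
      printf "alert num=%d name=%s origin=peer\n", n, name
    }
  '
}

# Constructed sample modelled on the failure in this thread (subject is a placeholder).
sample_session() {
  cat <<'EOF'
CONNECTED(00000003)
depth=2 /O=Example/OU=PKI/CN=Example Root CA
verify error:num=19:self signed certificate in certificate chain
verify return:0
xxxx:error:xxxxxx:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:102:SSL alert number 42
EOF
}

sample_session | diagnose_sclient
```

To use it on a live connection, pipe the output of `openssl s_client -showcerts -connect host:port </dev/null 2>&1` into `diagnose_sclient`. A `class=trust` line for num=19 points at the trusted certificate directory (`-CApath` or `-CAfile`) rather than at expiry.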