Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 13 May 2015 11:37:49 -0700
From:      Charles Swiger <>
To:        Ernie Luzar <>
Cc:        FreeBSD - <>
Subject:   Re: Self signed certificate being flagged as a error.
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On May 12, 2015, at 6:02 PM, Ernie Luzar <> wrote:
[ ... ]
> Then I did this command using the certificate outputted  by the  above =
openssl verify cacert.pem
> cacert.pem: C =3DUS, ST =3D PA, L =3D Pittsburgh, CN  =3D  =
> error 18 at 0 depth lookup:self signed certificate
> ok
> Why does openssl think this is a error and how can I fix this so it =
will work?

It means that your CA isn't trusted by openssl.

Update your openssl.cnf to reference your local CA setup, or feed =
openssl the
-CApath / -CAfile arguments to the CA cert which signed the self-signed =
cert that
you are trying to validate.

One doesn't normally validate the CA cert itself; it's the root of the =
trust chain
and either it is trusted explicitly or it isn't.  One normally validates =
certs which
have been signed by a CA; the CA cert should never be used for anything =
except signing
other certs.


Want to link to this message? Use this URL: <>