Date:      Wed, 13 May 2015 11:37:49 -0700
From:      Charles Swiger <cswiger@mac.com>
To:        Ernie Luzar <luzar722@gmail.com>
Cc:        FreeBSD - <freebsd-questions@freebsd.org>
Subject:   Re: Self signed certificate being flagged as a error.
Message-ID:  <9B2A442E-E176-4E6B-BD52-CC8393C5D35E@mac.com>
In-Reply-To: <5552A28F.8090605@gmail.com>
References:  <5552A28F.8090605@gmail.com>

On May 12, 2015, at 6:02 PM, Ernie Luzar <luzar722@gmail.com> wrote:
[ ... ]
> Then I did this command using the certificate outputted by the above
> openssl verify cacert.pem
>
> cacert.pem: C =US, ST = PA, L = Pittsburgh, CN  =  *.powerman.com
> error 18 at 0 depth lookup:self signed certificate
> ok
>
> Why does openssl think this is an error and how can I fix this so it
> will work?

It means that your CA isn't trusted by openssl.

Update your openssl.cnf to reference your local CA setup, or feed openssl
the -CApath / -CAfile arguments to the CA cert which signed the self-signed
cert that you are trying to validate.

One doesn't normally validate the CA cert itself; it's the root of the
trust chain and either it is trusted explicitly or it isn't.  One normally
validates certs which have been signed by a CA; the CA cert should never be
used for anything except signing other certs.

Regards,
-- 
-Chuck
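
The behaviour described in the reply above, reproduced end to end as an added example (not part of the original message): a throwaway root CA and a leaf cert are created, then `openssl verify` is run with and without `-CAfile`. The subject names, file names and the `make_pki` / `verify_error` helpers are constructed for this illustration.

```shell
#!/bin/sh
# Added example: throwaway CA and leaf cert; every name and path here is constructed.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

make_pki() {
    # Minimal config so the root gets basicConstraints CA:TRUE on any OpenSSL version.
    cat > "$demo_dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Local CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root: issuer == subject, so nothing above it can vouch for it.
    openssl req -x509 -config "$demo_dir/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$demo_dir/cakey.pem" -out "$demo_dir/cacert.pem" 2>/dev/null
    # Leaf CSR, then a leaf certificate signed by that root.
    openssl req -new -config "$demo_dir/ca.cnf" -subj "/CN=host.example.test" \
        -newkey rsa:2048 -nodes \
        -keyout "$demo_dir/leafkey.pem" -out "$demo_dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$demo_dir/leaf.csr" -days 1 \
        -CA "$demo_dir/cacert.pem" -CAkey "$demo_dir/cakey.pem" -CAcreateserial \
        -out "$demo_dir/leaf.pem" 2>/dev/null
}

# Print the first verify error number for a cert, 0 if it verifies, "unknown" otherwise.
# Usage: verify_error CERT [options passed to openssl verify]
verify_error() {
    cert=$1; shift
    out=$(openssl verify "$@" "$cert" 2>&1) || true
    code=$(printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
    if [ -n "$code" ]; then echo "$code"
    elif printf '%s\n' "$out" | grep -q ': OK$'; then echo 0
    else echo unknown; fi
}

make_pki
echo "root, no trust anchor:  $(verify_error "$demo_dir/cacert.pem")"
echo "leaf, no trust anchor:  $(verify_error "$demo_dir/leaf.pem")"
echo "leaf, -CAfile root:     $(verify_error "$demo_dir/leaf.pem" -CAfile "$demo_dir/cacert.pem")"
echo "root, -CAfile itself:   $(verify_error "$demo_dir/cacert.pem" -CAfile "$demo_dir/cacert.pem")"
```

Error 18 only disappears for the root once it is named as a trust anchor; the leaf goes from error 20 (issuer not found) to OK with the same `-CAfile` argument.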



