[openssl-users] Fwd: Error in Opening SSL Certificate
Amiya Das
amiya068 at gmail.com
Thu Aug 10 12:57:41 UTC 2017
Hi,
I have written an application for connecting to Azure IoT Hub using the AMQP
protocol.
When I run the application it fails because of an SSL issue stating
*14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.*
Any help would be appreciated.
Below are the details for the OS
Yocto linux
Kernel 4.4.19-gdb0b54cdad
Info: IoT Hub SDK for C, version 1.1.19
I am not sure why this issue is appearing; it looks like an openssl issue.
But I do have the openssl certificates in the below location,
"/etc/ssl/certs/ca-certificates.crt"
Following is more information using openssl:
-sh-3.2# openssl version -d
OPENSSLDIR: "/usr/lib/ssl"
But the actual certificates are located under the /etc/ssl/ folder, so I copied
all the certificates under the /usr/lib/ssl folder, but still there was no luck
with this.
OPENSSL version 1.0.2h is currently installed.
CONNECTED(00000004)
depth=1 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, OU = Microsoft IT, CN = Microsoft IT SSL SHA2
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/CN=*.azure-devices.net
   i:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2
 1 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
Server certificate
-----BEGIN CERTIFICATE-----
Certificate displayed here properly
-----END CERTIFICATE-----
subject=/CN=*.azure-devices.net
issuer=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1
Peer signing digest: SHA1
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3692 bytes and written 485 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-SHA256
Session-ID: DA000000F6835606D8F94D7184BE980E23C55D49D08BA33A8A5709A2C4763848
Session-ID-ctx:
Master-Key: EE1BEBA238F3B31AB83419452937BEB989E8A0BEB018E5D77B1148903BA35905D86DDF43F2745F593EE73AF0481F6819
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1502367353
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
Thanks,
Amiya.
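
Added example (not part of the original post, and not OpenSSL or IoT Hub SDK code): a small parser for s_client output like the one quoted above, reporting which issuer the server did not send and the local trust store therefore has to supply. The function names and the embedded sample (the post's chain lines with the e-mail wrapping re-joined) are constructed for illustration.

```python
import re

# Constructed sample: relevant lines of the s_client output from the post,
# with DN lines that the e-mail wrapped joined back together.
SAMPLE = """\
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/CN=*.azure-devices.net
   i:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2
 1 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=Microsoft IT/CN=Microsoft IT SSL SHA2
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
---
    Verify return code: 20 (unable to get local issuer certificate)
"""

def parse_chain(text):
    """Return [(depth, subject, issuer), ...] from the 'Certificate chain' block."""
    chain, in_chain, cur = [], False, None
    for line in text.splitlines():
        s = line.strip()
        if s == "Certificate chain":
            in_chain = True
        elif in_chain and s == "---":
            break                      # end of the chain listing
        elif in_chain:
            m = re.match(r"(\d+) s:(.*)", s)
            if m:                      # "N s:<subject DN>" starts a new entry
                cur = [int(m.group(1)), m.group(2), None]
                chain.append(cur)
            elif s.startswith("i:") and cur:
                cur[2] = s[2:]         # "i:<issuer DN>" belongs to that entry
    return [tuple(c) for c in chain]

def verify_code(text):
    """Numeric 'Verify return code', or None if the line is absent."""
    m = re.search(r"Verify return code: (\d+)", text)
    return int(m.group(1)) if m else None

def missing_trust_anchor(text):
    """Issuer DN that must come from the local trust store, or None."""
    chain = parse_chain(text)
    if verify_code(text) == 0 or not chain:
        return None
    sent = {subject for _, subject, _ in chain}
    top_issuer = chain[-1][2]
    # The server did not send this certificate, so the client must have it.
    return top_issuer if top_issuer not in sent else None

if __name__ == "__main__":
    print("trust store must contain:", missing_trust_anchor(SAMPLE))
```

The reported DN is the certificate to look for in the CA bundle that the failing process actually loads; s_client can be pointed at a specific bundle with its -CAfile option to confirm that the bundle verifies the chain.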