[openssl-users] Problem verifying a certificate chain

Pascal Withopf pwithopf at adiscon.com
Thu Nov 30 07:46:27 UTC 2017


Here is serverCA.pem as a file and as text

-----BEGIN CERTIFICATE-----
MIICJTCCAY4CCQCS+4ZH1+sfwzANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJY
WDELMAkGA1UECAwCWFgxDTALBgNVBAcMBHRlc3QxGTAXBgNVBAoMEFRlc3Rvcmdh
bmlzYXRpb24xEDAOBgNVBAMMB1Jvb3QgQ0EwHhcNMTcxMTMwMDczMDEzWhcNMTcx
MjMwMDczMDEzWjBYMQswCQYDVQQGEwJYWDELMAkGA1UECAwCWFgxDTALBgNVBAcM
BHRlc3QxGTAXBgNVBAoMEFRlc3RvcmdhbmlzYXRpb24xEjAQBgNVBAMMCVNlcnZl
ciBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAuvN7K+Pm7eTskAGZBVli
lBbr8P0Hjl0TOIUEckgFSHbCC7tjecdJS9IzXXVv8nnHVdsjTbZKiYK2/6od0gcb
TWjI9T2HtnYFvUoKedgn4A2np3s5E4V707ACyw49J9mmiqBlfKg6cnOpYa+ZOZfl
95yNPUq9rK9KgDHXRseaP2UCAwEAATANBgkqhkiG9w0BAQUFAAOBgQCq0JJnFwD+
M3+5lCxjbs7PAiV32d8eiT9r/QJUcwQ2VMFapTUnS51VVfGf1HIQmuA9QuKKr4Cq
AJIWPRZJmt+UE2PfUJlQhx6gUl7siyNMKOj48/wQ/I1yHT9ArIlCGNWAA9+tJP90
w07g3qwBet+wYmcbhYS9xNSJeUEhRtZZBg==
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALrzeyvj5u3k7JAB
mQVZYpQW6/D9B45dEziFBHJIBUh2wgu7Y3nHSUvSM111b/J5x1XbI022SomCtv+q
HdIHG01oyPU9h7Z2Bb1KCnnYJ+ANp6d7OROFe9OwAssOPSfZpoqgZXyoOnJzqWGv
mTmX5fecjT1KvayvSoAx10bHmj9lAgMBAAECgYAa021NMvqkEEFRuKj4d4cJsPBS
ODypVPm5Fn042NTJPSFDBbSUeOAvnQ35zywtIwRTcYpzUEEJ0lPoA8UbqiFkjvpb
KtsyHmxxoCcyX7YWCCS0N7Z1pMzqTJNlpoLGt9l4hysqI87oiQxhr+wqcFimUXCn
cWFXqX+L0nWHv1AUAQJBAPXcn9dftsvqvjkL5lwxw0VZzuvt/B3zrPt0iGWnLWOb
OBfPs2mhe4dbxOH/V/Z9d2fQ5D13xzYBE/SjgWrXz6UCQQDCqPs0jAq6JsFPQc0d
3jfV10FM6BLZ58fuOJzEczWETbwjpxBgpsjBREhL3OSqXKsNPJiWj83gUXHYxNxs
jaTBAkEAnMVyksWwbLShWQTSfcUpa4ZJoD0e/wZLLgfvlUoVcicejGhfUaKrfvMw
Rp8oOr9kLSmQ7/T5bOEhFWRQ+IzmFQJANPxoPHpuJRONhPRlT98AFc4c8UEueG/1
5Os2COdPRu8d6hp8g8KCXNEoWLYM7C6DRPwckMceBBRHR/j2AvpfQQJBAKu0I6XE
CZxyoPv1mRqTR7rU2dUQfrKGOccj8h8HFLbq2oWp+I9dnwRrWaPGlrmBLzoc49Fz
qpj4m4Bv4xA94Uc=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIICIzCCAYwCCQC1OoUz04RMqDANBgkqhkiG9w0BAQUFADBWMQswCQYDVQQGEwJY
WDELMAkGA1UECAwCWFgxDTALBgNVBAcMBHRlc3QxGTAXBgNVBAoMEFRlc3Rvcmdh
bmlzYXRpb24xEDAOBgNVBAMMB1Jvb3QgQ0EwHhcNMTcxMTMwMDcyOTA0WhcNMTcx
MjMwMDcyOTA0WjBWMQswCQYDVQQGEwJYWDELMAkGA1UECAwCWFgxDTALBgNVBAcM
BHRlc3QxGTAXBgNVBAoMEFRlc3RvcmdhbmlzYXRpb24xEDAOBgNVBAMMB1Jvb3Qg
Q0EwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMJnOIgoR56VGV+3waIP6xqX
fD31MUXL0+24W8QL6N7fSrpNbGwB8koUMAYIibMGL/d0WvkbzNq7415J87Qz7VDv
VWvuDsl8QNixHqN2HhUPwBTGUPMVR7Zda3oH0YstXgrf05bnMjTkK/m39mOE7PrN
d9R++4btVwLuhlfO8WNnAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAmlpfCIlsO+hw
PcyIF48wPXrd9/UWf8bNWMQ0wsMJCIxlHzb+dHaM/2B06oRbwfwvj/rdcA4hueJF
HY1fvva2E7YEpaGAKoT1LKQhadyJBf5a7UIhEzUV/OUsIfYCDzmF4DmwI5biBZpy
S887uY+40OP1b1NXktdPF3ejjYKZC7U=
-----END CERTIFICATE-----


2017-11-29 18:38 GMT+01:00 Viktor Dukhovni <openssl-users at dukhovni.org>:

>
>
> > On Nov 29, 2017, at 10:57 AM, Pascal Withopf <pwithopf at adiscon.com>
> wrote:
> >
> > $ openssl x509 -in serverCA.pem -noout -purpose
> >
> > ...
> >
> > If the purpose is incorrect how can I set it?
> >
> > 2017-11-29 16:48 GMT+01:00 Viktor Dukhovni <openssl-users at dukhovni.org>:
> > On Wed, Nov 29, 2017 at 04:33:39PM +0100, Pascal Withopf wrote:
> >
> >>>  err 24:invalid CA certificate
> >>
> >> The intermediate CA extensions are likely incorrect.  Post
> >> the certificate in question.
>
> Post the certificate in question.
>
> --
>         Viktor.
>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171130/5001a426/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: serverCA.pem
Type: application/octet-stream
Size: 2524 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20171130/5001a426/attachment-0001.obj>


More information about the openssl-users mailing list