Why does OpenSSL report google's certificate is "self-signed"?
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Mar 31 16:30:53 UTC 2021
> On Mar 31, 2021, at 1:49 AM, Nan Xiao <xiaonan830818 at gmail.com> wrote:
>
> The connection is successful, but the ssl->verify_result is 18, i.e.,
> X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT. I am a little confused why
> OpenSSL reports google's certificate is "self-signed"? And it should
> be not.
Most likely you haven't configured a suitable CAfile and/or CApath,
which contains the root CA that ultimately issued Google's certificate.
It looks like Google includes a self-signed root CA in the wire
certificate chain, and if no match is found in the trust store,
you'll get the reported error.
--
Viktor.
More information about the openssl-users
mailing list