<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Hi,<br>
      <br>
      On 10/01/16 05:15, Anil Mathew wrote:<br>
    </div>
    <blockquote
cite="mid:CAJTG-bdqDYvXOB_YOEc1CUo_GM1_3mx_8DZcH_FtM+4DLVLYcA@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div class="gmail_default" style="font-family:tahoma,sans-serif"><span
            style="font-family:arial,sans-serif;font-size:12.8px">I am a
            novice in terms of ssl and hence have limited knowledge in
            this.</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">Please
            help</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <br style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">I
            have been given a jks file that has server certificate,
            client</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">certificate
            and a key for the client certificate.  I need to convert it
            to</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">pem
            to use it in my application.</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <br style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">I
            have converted a jks file to p12 and then to pem.</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">However
            when I try to verify I get the following error.</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <br style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">echo
            |openssl verify -verbose -purpose sslclient -issuer_checks
            -CApath</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">C:\Data\Openssl\demoCA\certs
            -CAfile client.pem client.pem</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">client.pem:
            /CN=cn/O=o/L=L/ST=il/C= c</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">error
            29 at 0 depth lookup:subject issuer mismatch</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">/CN=cn/O=o/L=L/ST=il/C=
            c</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">error
            29 at 0 depth lookup:subject issuer mismatch</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">/CN=cn/O=o/L=L/ST=il/C=
            c</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">error
            29 at 0 depth lookup:subject issuer mismatch</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">/CN=cn/O=o/L=L/ST=il/C=
            c</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">error
            29 at 0 depth lookup:subject issuer mismatch</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">/CN=cn/O=o/L=L/ST=il/C=
            c</span><br
            style="font-family:arial,sans-serif;font-size:12.8px">
          <span style="font-family:arial,sans-serif;font-size:12.8px">error
            20 at 0 depth lookup:unable to get local issuer certificate</span><br>
        </div>
      </div>
    </blockquote>
    <br>
    This could be a PRINTABLE_STRING / UTF8_STRING mismatch - can you
    send me the certificates (not the key!) via private email and I will
    have a look. There are some funky options you can add to openssl to
    see how the certificate is composed.<br>
    <br>
    Also, it would help to list the exact version of openssl that you
    are using (run 'openssl version').<br>
    <br>
    HTH,<br>
    <br>
    JJK<br>
    <br>
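    Added example (not part of the original message, and not OpenSSL's own code): the string-type mismatch suggested above can be invisible in text output, because two DNs that print identically may encode their values with different ASN.1 string types. This Python snippet parses two constructed DER Names (sample values, not the poster's certificates) and reports the attributes whose type differs; all function and variable names are illustrative.<br>

```python
# Added example: both Names below are constructed samples, not real certificates.
STRING_TYPES = {0x0C: "UTF8STRING", 0x13: "PRINTABLESTRING", 0x16: "IA5STRING"}
ATTRS = {"550403": "CN", "55040a": "O", "550407": "L", "550408": "ST", "550406": "C"}

def tlv(tag, body):
    assert len(body) in range(128), "sample builder: short-form DER lengths only"
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos):
    """Decode the TLV at pos; return (tag, body, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length > 127:                      # long form: low 7 bits = byte count
        n = length - 128
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Split a constructed value into its (tag, body) members."""
    pos, out = 0, []
    while pos != len(body):
        tag, val, pos = read_tlv(body, pos)
        out.append((tag, val))
    return out

def parse_name(der):
    """X.509 Name -> [(attribute, ASN.1 string type, text), ...]."""
    out = []
    for _, rdn in children(read_tlv(der, 0)[1]):  # each RDN is a SET
        for _, atv in children(rdn):              # SEQUENCE { OID, value }
            (_, oid), (vtag, val) = children(atv)
            out.append((ATTRS.get(oid.hex(), oid.hex()),
                        STRING_TYPES.get(vtag, hex(vtag)), val.decode("utf-8", "replace")))
    return out

def build_name(pairs, string_tag):
    """Build a sample Name with every value encoded as string_tag."""
    return tlv(0x30, b"".join(
        tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex(o)) + tlv(string_tag, t.encode())))
        for o, t in pairs))

def type_mismatches(issuer_der, subject_der):
    """Attributes whose text is equal but whose string type differs."""
    return [(a, t1, t2) for (a, t1, v1), (b, t2, v2)
            in zip(parse_name(issuer_der), parse_name(subject_der))
            if a == b and v1 == v2 and t1 != t2]

SAMPLE = [("550403", "cn"), ("55040a", "o")]       # constructed DN: CN=cn, O=o
ISSUER_IN_CLIENT_CERT = build_name(SAMPLE, 0x13)   # PrintableString
SUBJECT_OF_CA_CERT = build_name(SAMPLE, 0x0C)      # UTF8String
```

    For a real certificate, `openssl x509 -in client.pem -noout -subject -issuer -nameopt multiline,show_type` prints the same string types next to each field.<br>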
  </body>
</html>