<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">Hi Jan,</div><div class="gmail_default" style="font-family:tahoma,sans-serif">Thanks for you reply. I have sent you the mail with the certificates. The version is.</div><div class="gmail_default" style=""><font face="tahoma, sans-serif">OpenSSL 0.9.8k 25 Mar 2009</font><br></div><div><br></div><div><div class="gmail_default" style="font-family:tahoma,sans-serif">Regards</div><div class="gmail_default" style="font-family:tahoma,sans-serif">Anil</div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><br><br><br><div class=""><font color="#999999" class="">Sent with <a href="https://mailtrack.io/install?source=signature&lang=en&referral=anilmathew001@gmail.com&idSignature=22" class="">MailTrack</a></font></div><img width="0" height="0" class="mailtrack-img" src="https://mailtrack.io/trace/mail/3064ecaa2118cd9dfe373ebbfd28064708df52a9584452.png"></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 12, 2016 at 2:02 AM, Jan Just Keijser <span dir="ltr"><<a href="mailto:janjust@nikhef.nl" target="_blank">janjust@nikhef.nl</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hi,<br>
<br>
On 10/01/16 05:15, Anil Mathew wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-family:tahoma,sans-serif"><span style="font-family:arial,sans-serif;font-size:12.8px">I am a
novice in terms of ssl and hence have limited knowledge in
this.</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">Please
help</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">I
have been a given a jks file that has server certificate,
client</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">certificate
and a key for the client certificate. I need to convert it
to</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">pem
to use it in my application.</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">I
have converted a jks file to p12 and then to pem.</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">However
when i try to verify i get the following error.</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">echo
|openssl verify -verbose -purpose sslclient -issuer_checks
-CApath</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">C:\Data\Openssl\demoCA\certs
-CAfile client.pem client.pem</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">client.pem:
/CN=cn/O=o/L=L/ST=il/C= c</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">error
29 at 0 depth lookup:subject issuer mismatch</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">/CN=cn/O=o/L=L/ST=il/C=
c</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">error
29 at 0 depth lookup:subject issuer mismatch</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">/CN=cn/O=o/L=L/ST=il/C=
c</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">error
29 at 0 depth lookup:subject issuer mismatch</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">/CN=cn/O=o/L=L/ST=il/C=
c</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">error
29 at 0 depth lookup:subject issuer mismatch</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">/CN=cn/O=o/L=L/ST=il/C=
c</span><br style="font-family:arial,sans-serif;font-size:12.8px">
<span style="font-family:arial,sans-serif;font-size:12.8px">error
20 at 0 depth lookup:unable to get local issuer certificate</span><br>
</div>
</div>
</blockquote>
<br>
this could be a PRINTABLE_STRING / UTF8_STRING mismatch - can you
send me the certificates (not the key!) via private email and I will
have a look. There are some funky options you can add to openssl to
see how the certificate is composed.<br>
<br>
Also, it would help to list the exact version of openssl that you
are using (run 'openssl version').<br>
<br>
HTH,<br>
<br>
JJK<br>
<br>
</div>
<br>_______________________________________________<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Best Regards<br>Anil Mathew</div>
</div>