<div dir="ltr">Hi<div><br></div><div>   I am new to certificate management domain. We have a MTLS server. I am trying to debug the issues between the certificate validation between client and server.</div><div><br></div><div>   I used openssl s_client and s_server command to verify if the certificates are in good shape.</div><div>But while doing so - I am getting the following error. </div><div><br></div><div><p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    #$ openssl s_client -cert tomcat.pem  -key tomcat_priv.pem  -CAfile ca.pem -connect <a href="http://lrc1.cisco.com:8446">lrc1.cisco.com:8446</a></span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155);min-height:21px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    ----- </span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155);min-height:21px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    #$ openssl s_server -key privkey.pem -cert server.pem  -accept 8446 -verify ca.pem                   </span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    verify depth is 0</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    Using default temp DH parameters</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    ACCEPT</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    depth=2 O = Cisco Systems, CN = trca-4096-sha2</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    verify error:num=19:self signed certificate in certificate chain</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    ERROR</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    verify error:self signed certificate in certificate chain</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    140011871301248:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3427:</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    shutting down SSL</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures">    CONNECTION CLOSED</span></p></div><div><br></div><div>What is the meaning of this error and how do I correct this - ?</div><div><br></div><div>Thanks</div><div>~S</div></div>