<div dir="ltr">Hi<div><br></div><div> I am new to the certificate management domain. We have an MTLS server. I am trying to debug the certificate validation issues between client and server.</div><div><br></div><div> I used the openssl s_client and s_server commands to verify if the certificates are in good shape.</div><div>But while doing so, I am getting the following error. </div><div><br></div><div><p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> #$ openssl s_client -cert tomcat.pem -key tomcat_priv.pem -CAfile ca.pem -connect <a href="http://lrc1.cisco.com:8446">lrc1.cisco.com:8446</a></span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155);min-height:21px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> ----- </span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155);min-height:21px"><span style="font-variant-ligatures:no-common-ligatures"></span><br></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> #$ openssl s_server -key privkey.pem -cert server.pem -accept 8446 -verify ca.pem </span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> verify depth is 0</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> Using default temp DH parameters</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> ACCEPT</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> depth=2 O = Cisco Systems, CN = trca-4096-sha2</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> verify error:num=19:self signed certificate in certificate chain</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> ERROR</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> verify error:self signed certificate in certificate chain</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> 140011871301248:error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed:s3_srvr.c:3427:</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> shutting down SSL</span></p>
<p style="margin:0px;font-stretch:normal;font-size:18px;line-height:normal;font-family:Menlo;color:rgb(0,0,0);background-color:rgb(200,255,155)"><span style="font-variant-ligatures:no-common-ligatures"> CONNECTION CLOSED</span></p></div><div><br></div><div>What is the meaning of this error and how do I correct this?</div><div><br></div><div>Thanks</div><div>~S</div></div>
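<div><br></div><div>Added example, not part of the original post: verify error 19 (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) means the chain the peer presented ends in a self-signed root that the verifying side has not been told to trust. The script below reproduces that with a constructed two-level chain (the post shows depth 2; the file names, subjects and the helper functions make_chain and verify_code are all made up here) and shows the same certificate passing once the root is loaded with -CAfile.</div>

```shell
#!/bin/sh
# Added illustration; every name, subject and file below is constructed.

# Create a throwaway self-signed root and a client cert signed by it in dir $1.
make_chain() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/O=Example/CN=demo-root" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/O=Example/CN=demo-client" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/client.pem" 2>/dev/null
}

# Print 0 if $1 verifies, otherwise the X509 verify error number.
# $2 = chain the peer sent (untrusted), $3 = trusted CA file, may be empty.
verify_code() {
    cert=$1; chain=$2; trusted=$3
    if [ -n "$trusted" ]; then
        set -- -no-CApath -CAfile "$trusted"
    else
        set -- -no-CAfile -no-CApath      # empty trust store
    fi
    if out=$(openssl verify "$@" -untrusted "$chain" "$cert" 2>&1); then
        echo 0
    else
        # stderr carries a line like "error 19 at 1 depth lookup: ..."
        printf '%s\n' "$out" |
            sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
    fi
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_chain "$tmp"
    echo "root sent by peer, not trusted locally: $(verify_code "$tmp/client.pem" "$tmp/ca.pem" "")"
    echo "same root loaded with -CAfile:          $(verify_code "$tmp/client.pem" "$tmp/ca.pem" "$tmp/ca.pem")"
    rm -rf "$tmp"
}
demo
```

<div>In s_server the -verify option takes a numeric chain depth, which matches the "verify depth is 0" line in the output above; the trusted CA file is supplied with -CAfile, as the s_client command in the post already does.</div>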