Question on "unsupported certificate purpose" error when trying to read the certificate on the web server
Kyle Hamilton
aerowolf at gmail.com
Thu Jul 22 00:02:17 UTC 2021
An EE certificate is an "end entity" certificate, which identifies an
entity that isn't a certifier.
On Wed, Jul 21, 2021, 18:23 Thejus Prabhu <tprabhu1989 at gmail.com> wrote:
> Thanks for your reply Viktor. I would like to add that this is a self
> signed certificate created on the server. What is EE certificate?
>
>
> On Wed, Jul 21, 2021 at 6:55 PM Viktor Dukhovni <
> openssl-users at dukhovni.org> wrote:
>
>> On Wed, Jul 21, 2021 at 06:34:03PM -0400, Thejus Prabhu wrote:
>>
>> > verify error:num=26:unsupported certificate purpose
>>
>> The certificate in question is CA certificate, not an EE certificate.
>> Specifically, the key usage and Netscape Cert Type signal that its
>> purpose is exclusively to be a CA, not a TLS server.
>>
>> X509v3 Key Usage: critical
>> Certificate Sign, CRL Sign
>> Netscape Cert Type:
>> SSL CA
>>
>> > Certificate:
>> > Data:
>> > Version: 3 (0x2)
>> > Serial Number: 1 (0x1)
>> > Signature Algorithm: sha1WithRSAEncryption
>> > Issuer: O = Verint, C = US, CN = 192.168.1.200, L = Columbia,
>> OU = Verint
>> > Validity
>> > Not Before: Jul 21 20:51:12 2021 GMT
>> > Not After : Jul 21 20:51:12 2022 GMT
>> > Subject: O = Verint, C = US, CN = 192.168.1.200, L =
>> Columbia, OU = Verint
>> > Subject Public Key Info:
>> > Public Key Algorithm: rsaEncryption
>> > RSA Public-Key: (2048 bit)
>> > Modulus:
>> > 00:b8:e8:bd:08:10:e4:d9:2d:77:52:33:8c:15:30:
>> > cf:89:a0:d4:bd:95:85:15:ba:54:37:8d:5b:17:e4:
>> > 4d:3f:a3:fb:0c:08:ee:7e:30:eb:5d:93:fd:db:f3:
>> > 51:85:60:91:66:04:e1:b2:55:fd:5a:cf:c1:7c:3a:
>> > 3b:4c:30:af:67:b8:2f:21:7c:42:a4:86:8e:d3:a8:
>> > ea:b2:8e:22:f3:b7:08:90:ec:8f:7a:20:1a:ae:44:
>> > 45:8c:db:2c:ee:20:d9:56:7a:8b:b9:d0:b9:0b:5b:
>> > ac:7b:e0:f4:53:29:b4:06:cb:5e:fd:cf:87:b7:5d:
>> > 9f:bb:e7:71:33:27:f8:b4:01:d5:78:75:5e:99:e1:
>> > dc:7d:5b:12:78:12:d6:38:07:f5:73:3c:8e:9b:62:
>> > d6:ae:30:f5:8f:31:7e:42:81:2d:10:b4:6a:2c:33:
>> > 7c:48:db:95:9c:af:a9:ca:8b:92:c2:93:93:59:7a:
>> > a0:a6:42:dd:72:e8:b8:21:d8:75:05:7a:8f:47:19:
>> > ca:3d:ae:89:a6:d3:87:fc:2a:02:c4:49:58:28:05:
>> > d5:d2:a9:fc:f5:06:40:1e:35:38:2e:33:f3:31:f2:
>> > c9:a8:16:6e:b9:0a:42:95:6e:de:1f:f7:3e:2d:c8:
>> > 34:64:00:77:d4:cf:5c:3d:28:78:ce:60:bd:e5:90:
>> > 09:a9
>> > Exponent: 65537 (0x10001)
>> > X509v3 extensions:
>> > X509v3 Basic Constraints: critical
>> > CA:TRUE
>> > X509v3 Key Usage: critical
>> > Certificate Sign, CRL Sign
>> > X509v3 Subject Key Identifier:
>> >
>> A2:FF:95:62:C7:85:BC:1A:FE:D5:0B:F8:F7:A8:B1:B4:BF:29:8B:7D
>> > Netscape Cert Type:
>> > SSL CA
>> > Netscape Comment:
>> > example comment extension
>> > Signature Algorithm: sha1WithRSAEncryption
>> > 73:f4:61:1c:f1:b7:d3:c4:e2:ae:b1:ea:1e:3f:b2:6b:bc:f3:
>> > 85:80:a1:0d:a8:06:7e:5a:bd:2b:fe:13:ce:4d:80:4d:c8:3d:
>> > 4a:95:f9:ee:9c:19:1d:6b:b4:57:79:72:d9:00:e7:d1:be:9c:
>> > c3:4f:2d:77:93:71:45:87:8f:99:bd:35:43:95:1b:69:31:71:
>> > f9:f4:ee:00:1f:cd:f7:f4:2e:b1:ae:e7:9c:8e:cb:ce:86:50:
>> > d8:1b:4e:3c:11:77:63:55:09:74:4c:89:ce:34:ae:4e:75:80:
>> > e8:9e:37:23:75:e2:eb:bf:27:f8:dc:07:9d:64:b3:96:01:84:
>> > 4a:62:23:c9:52:0f:92:e1:4a:3f:db:c7:b9:82:e9:8b:bb:89:
>> > 7f:6c:fc:90:da:e1:2b:e9:8f:a3:d2:8c:66:22:5a:4e:27:77:
>> > f9:88:0e:7c:87:45:c4:56:4b:c8:fa:93:7c:18:3a:d5:cd:a3:
>> > 59:6e:e2:37:a6:45:57:e8:8f:1f:d6:65:b9:47:e4:5c:c0:83:
>> > 80:63:ac:2d:1d:6a:0f:95:62:00:18:b0:66:4f:b7:76:5a:1f:
>> > f6:7c:27:f7:86:3e:8d:fc:1c:b0:d9:7c:60:44:61:e9:eb:ff:
>> > 95:b4:31:67:df:d1:ce:fc:91:3e:f3:64:fa:ca:c8:29:16:3b:
>> > d4:ae:f4:0e
>> > -----BEGIN CERTIFICATE-----
>> > MIIDrjCCApagAwIBAgIBATANBgkqhkiG9w0BAQUFADBaMQ8wDQYDVQQKDAZWZXJp
>> > bnQxCzAJBgNVBAYTAlVTMRYwFAYDVQQDDA0xOTIuMTY4LjEuMjAwMREwDwYDVQQH
>> > DAhDb2x1bWJpYTEPMA0GA1UECwwGVmVyaW50MB4XDTIxMDcyMTIwNTExMloXDTIy
>> > MDcyMTIwNTExMlowWjEPMA0GA1UECgwGVmVyaW50MQswCQYDVQQGEwJVUzEWMBQG
>> > A1UEAwwNMTkyLjE2OC4xLjIwMDERMA8GA1UEBwwIQ29sdW1iaWExDzANBgNVBAsM
>> > BlZlcmludDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALjovQgQ5Nkt
>> > d1IzjBUwz4mg1L2VhRW6VDeNWxfkTT+j+wwI7n4w612T/dvzUYVgkWYE4bJV/VrP
>> > wXw6O0wwr2e4LyF8QqSGjtOo6rKOIvO3CJDsj3ogGq5ERYzbLO4g2VZ6i7nQuQtb
>> > rHvg9FMptAbLXv3Ph7ddn7vncTMn+LQB1Xh1Xpnh3H1bEngS1jgH9XM8jpti1q4w
>> > 9Y8xfkKBLRC0aiwzfEjblZyvqcqLksKTk1l6oKZC3XLouCHYdQV6j0cZyj2uiabT
>> > h/wqAsRJWCgF1dKp/PUGQB41OC4z8zHyyagWbrkKQpVu3h/3Pi3INGQAd9TPXD0o
>> > eM5gveWQCakCAwEAAaN/MH0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
>> > AQYwHQYDVR0OBBYEFKL/lWLHhbwa/tUL+PeosbS/KYt9MBEGCWCGSAGG+EIBAQQE
>> > AwICBDAoBglghkgBhvhCAQ0EGxYZZXhhbXBsZSBjb21tZW50IGV4dGVuc2lvbjAN
>> > BgkqhkiG9w0BAQUFAAOCAQEAc/RhHPG308TirrHqHj+ya7zzhYChDagGflq9K/4T
>> > zk2ATcg9SpX57pwZHWu0V3ly2QDn0b6cw08td5NxRYePmb01Q5UbaTFx+fTuAB/N
>> > 9/Qusa7nnI7LzoZQ2BtOPBF3Y1UJdEyJzjSuTnWA6J43I3Xi678n+NwHnWSzlgGE
>> > SmIjyVIPkuFKP9vHuYLpi7uJf2z8kNrhK+mPo9KMZiJaTid3+YgOfIdFxFZLyPqT
>> > fBg61c2jWW7iN6ZFV+iPH9ZluUfkXMCDgGOsLR1qD5ViABiwZk+3dlof9nwn94Y+
>> > jfwcsNl8YERh6ev/lbQxZ9/RzvyRPvNk+srIKRY71K70Dg==
>> > -----END CERTIFICATE-----
>>
>> --
>> Viktor.
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210721/cc239fbd/attachment-0001.html>
More information about the openssl-users
mailing list