Re: Openssl -showcerts "verify error"

To: debian-user@lists.debian.org
Subject: Re: Openssl -showcerts "verify error"
From: Reco <recoverym4n@gmail.com>
Date: Thu, 5 May 2016 01:22:07 +0300
Message-id: <[🔎] 20160505012207.c7f4f3c143d03a6997502f9c@gmail.com>
In-reply-to: <[🔎] 572A2284.2070406@tesco.net>
References: <[🔎] 572A2284.2070406@tesco.net>

	Hi.

On Wed, 04 May 2016 17:25:40 +0100
Ron Leach <ronleach@tesco.net> wrote:

> List, good afternoon,
> 
> I'd appreciate some advice about how to fix an SSL error I'm hitting 
> while accessing a government website required for online filing. 
> Oddly, this error has just occurred, but we've been using the service 
> without difficulty for a few years.
> 
> The SSL failure is reported by the application as an
> "SSL Certificate Verification Error"; no other information.

Considering that https://secure.gateway.gov.uk tells me about
*selecting* a valid certificate - it could mean that your *client*
became expired recently.


> Using openssl -showcerts, a "verify error" is reported.  Here's the 
> dialogue - I've skipped the bulk of the certificate texts.
> 
> ron@debians5:~$ openssl s_client -showcerts -connect 
> secure.gateway.gov.uk:443 </dev/null

You'll always get errno 20 that way as openssl does not use any
Certified Authority information unless told to do so.

Try this:

openssl s_client -showcerts -connect secure.gateway.gov.uk:443 \
-CApath /etc/ssl/certs </dev/null

Reco

Reply to:

Follow-Ups:
- Re: Openssl -showcerts "verify error"
  - From: Ron Leach <ronleach@tesco.net>

References:
- Openssl -showcerts "verify error"
  - From: Ron Leach <ronleach@tesco.net>

Prev by Date: Re: Migrating Windows on a physical server to KVM with Debian Jessie
Next by Date: Re: Openssl -showcerts "verify error"
Previous by thread: Re: Openssl -showcerts "verify error"
Next by thread: Re: Openssl -showcerts "verify error"
Index(es):
- Date
- Thread