Re: Openssl -showcerts "verify error"
Hi.
On Wed, 04 May 2016 17:25:40 +0100
Ron Leach <ronleach@tesco.net> wrote:
> List, good afternoon,
>
> I'd appreciate some advice about how to fix an SSL error I'm hitting
> while accessing a government website required for online filing.
> Oddly, this error has just occurred, but we've been using the service
> without difficulty for a few years.
>
> The SSL failure is reported by the application as an
> "SSL Certificate Verification Error"; no other information.
Considering that https://secure.gateway.gov.uk tells me about
*selecting* a valid certificate - it could mean that your *client*
became expired recently.
> Using openssl -showcerts, a "verify error" is reported. Here's the
> dialogue - I've skipped the bulk of the certificate texts.
>
> ron@debians5:~$ openssl s_client -showcerts -connect
> secure.gateway.gov.uk:443 </dev/null
You'll always get errno 20 that way as openssl does not use any
Certified Authority information unless told to do so.
Try this:
openssl s_client -showcerts -connect secure.gateway.gov.uk:443 \
-CApath /etc/ssl/certs </dev/null
Reco
Reply to: