You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Grant <em...@yahoo.com> on 2004/07/03 23:48:35 UTC

[users@httpd] Verisign certificate installation problem

I'm trying to install the Verisign certificate for my
domain on my new server which still uses the IP
address.  I followed the instructions here:

http://tirian.magd.ox.ac.uk/~nick/openssl-certs/others.shtml#ca-openssl

and when trying to verify the certificate which the
openssl command, I get error 20 which is identified
here:

http://www.openssl.org/docs/apps/verify.html

as follows:

20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
unable to get local issuer certificate
the issuer certificate of a locally looked up
certificate could not be found. This normally means
the list of trusted certificates is not complete.

Does anyone know what I need to do to fix this?

- Grant

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Verisign certificate installation problem

Posted by Joey Hewitt <jo...@joeyhewitt.com>.

Grant <em...@yahoo.com> wrote:
> I'm trying to install the Verisign certificate for my
> domain on my new server which still uses the IP
> address.  I followed the instructions here:
>
> http://tirian.magd.ox.ac.uk/~nick/openssl-certs/others.shtml#ca-openssl
>
> and when trying to verify the certificate which the
> openssl command, I get error 20 which is identified
> here:
>
> http://www.openssl.org/docs/apps/verify.html
>
> as follows:
>
> 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
> unable to get local issuer certificate
> the issuer certificate of a locally looked up
> certificate could not be found. This normally means
> the list of trusted certificates is not complete.
>
> Does anyone know what I need to do to fix this?
>
> - Grant

Perhaps you need to get a copy of the Verisign certificate that yours was
signed with.  On my system, I think CA certs are stored in /etc/ssl/certs.
See what you've got there (or similar location).  Your OpenSSL might also be
configured wrongly, check openssl.cnf or something similar to see where it
looks for certs.

I'm no guru about SSL, though. ;)

Hope this helps,
Joey


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org