This is a discussion on Error: unable to get local issuer certificate!!! - Openssl ; Hi, Mail is quite big with description. please read through and help me. Below are the configuration and execution done for OCSP request and response. *what is the reason for error? * what is the solution for error? Any reply ...
Mail is quite big with description. please read through and help me.
Below are the configuration and execution done for OCSP request and response.
*what is the reason for error?
* what is the solution for error?
Any reply is appreciated.
I have provided even folder structure because, error related to "unable to get local issuer certificate".
Folder structure: certifiacte/CACERT/demoCA
executed at certificate/
Root key generated: openssl genrsa -out rootkey.pem 1024
root self-signed certificate: openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout rootkey.pem -out rootcert.pem
request generated: openssl req -nodes -days 365 -newkey rsa:1024 -keyout reqkey.pem -out reqreq.pem
issuing: openssl x509 -days 365 -CA rootcert.pem -CAkey rootkey.pem -req -CAcreateserial -CAserial ca.srl -in reqreq.pem -out resolve.pem
Request sent: openssl ocsp -issuer rootcert.pem -cert resolve.pem -url http://xxx.xxx.xx.xxx:8888 -resp_text -respout resp.der
Response Verify Failure
11114:error:27069065:OCSP routines:OCSP_basic_verify:certificate verify errorcsp_vfy.c:122:Verify error:unable to get local issuer certificate
This Update: Sep 8 16:38:27 2008 GMT
Folder structure: certifiacte/CACERT/demoCA/private/firstkey.pem
1. Created folder(CACERT)
2. copied CA.pl from( /usr/lib/ssl/misc/CA.pl) into CACERT.
3. copied openssl.cnf from (/usr/lib/ssl/openssl.cnf ) into CACERT.
executed: ./CA.pl -newca (creates demoCA folder which consist index.txt file,cacert.pem file, private folder,certs folder,newcerts folder and etc..)
key generated at demoCA/private/: openssl genrsa -out firstkey.pem 1024
request generated /demoCA/certs/: openssl req -new -key demoCA/private/firstkey.pem -out req1.pem
(renamed req1.pem as newreq.pem)
now execute-> ./CA.pl -sign (newcert.pem is created)
openssl ocsp -index demoCA/index.txt -port 8888 -rsigner newcert.pem -rkey demoCA/private/first.key -CA demoCA/cacert.pem -text -out log.txt
Advance Thanks & Regards,