LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-07-2011, 03:03 AM   #1
tayzar
LQ Newbie
 
Registered: Jun 2011
Posts: 5
Blog Entries: 1

Rep: Reputation: Disabled
Exclamation Could not verify this certificate for unknown reason


I am testing about using SSL Certificate in apache web server using Ubantu 10.04.2 (64 bit edition).
And I insert SSLcertificate and private.key file into "default-ssl" file in "sites-available" folder.
But when I call the website, SSL certificate show "Could not verify this certificate for unknown reason".

Configuration in "default-ssl" is shown below

SSLCertificateFile /etc/apache2/ssl/mysite_com.cer
SSLCertificateKeyFile /etc/apache2/ssl/privatekey.key
SSLCACertificateFile /etc/apache2/ssl/SCAONE.cer
SSLCACertificateFile /etc/apache2/ssl/ROOTCA.cer

Please give me some advices if someone got how to solve this error.
thanks
tayzar
 
Old 07-07-2011, 09:08 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,882

Rep: Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608
Hi and welcome to LQ,

Is is a self-signed certificate? If so it should give you just a warning that if you want to accept the certificate or not.
Anyway, comment out the last 2 lines and restart apache to see if it works

Regards
 
Old 07-07-2011, 01:19 PM   #3
sandwormusmc
Member
 
Registered: Nov 2006
Distribution: Fedora 15 x86_64
Posts: 76

Rep: Reputation: 24
Quote:
Originally Posted by tayzar View Post
I am testing about using SSL Certificate in apache web server using Ubantu 10.04.2 (64 bit edition).
And I insert SSLcertificate and private.key file into "default-ssl" file in "sites-available" folder.
But when I call the website, SSL certificate show "Could not verify this certificate for unknown reason".

Configuration in "default-ssl" is shown below

SSLCertificateFile /etc/apache2/ssl/mysite_com.cer
SSLCertificateKeyFile /etc/apache2/ssl/privatekey.key
SSLCACertificateFile /etc/apache2/ssl/SCAONE.cer
SSLCACertificateFile /etc/apache2/ssl/ROOTCA.cer

Please give me some advices if someone got how to solve this error.
thanks
tayzar
You may have to convert your .cer to a PEM certificate ...

Code:
openssl x509 -inform der -in certificate.cer -out certificate.pem
For more information, including some diagnostic commands you can try on the various certs/keys, check out http://www.sslshopper.com/article-mo...-commands.html.
 
Old 07-07-2011, 11:55 PM   #4
tayzar
LQ Newbie
 
Registered: Jun 2011
Posts: 5
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
Hi and welcome to LQ,

Is is a self-signed certificate? If so it should give you just a warning that if you want to accept the certificate or not.
Anyway, comment out the last 2 lines and restart apache to see if it works

Regards
Hi,
I am using SSL Certificate issued from ROOTCA and CA.
When I tested it, the browser don't know the certificate Chain.
How should i give certificate chain in "SSL Certificate path".
thanks
tayzar
 
Old 07-08-2011, 04:52 AM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,882

Rep: Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608
Quote:
I am using SSL Certificate issued from ROOTCA and CA.
You should import the 2 CA certs in your browser
 
Old 07-10-2011, 11:02 PM   #6
tayzar
LQ Newbie
 
Registered: Jun 2011
Posts: 5
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by bathory View Post
You should import the 2 CA certs in your browser
Thanks for the advice. It is Ok for the problem.
But I don't want to import the RootCA and CA certs in client browser.
I want to get Certificate Chain directly when I call the website like IIS.
So, how do I import the Certificate Chain in Server.

thanks you very much!
Looking forwards to your answer.
 
Old 07-11-2011, 09:18 AM   #7
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,882

Rep: Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608Reputation: 1608
Hi,

You may take a look at this and use the SSLCertificateChainFile with the final certificate

Regards
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
RHEL x86_64 yum, Error: certificate verify failed forrie Linux - Server 6 12-02-2010 01:40 AM
openssl ssl error code 14090086 verify the CA cert is ok / certificate verify failed acummings Slackware 14 02-27-2009 02:51 AM
curl error setting certificate verify locations polo76 Linux - Newbie 3 02-12-2008 07:08 PM
Openssl certificate verify failure while using Xsupplicant Sparrowhawk Linux - Networking 0 06-27-2006 11:31 PM
Openssl - verify wheather certificate is revoked djgerbavore Linux - Security 1 11-21-2005 08:20 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration