[SLL] unable to get local issuer certificate
Brian Hatch
bri at ifokr.org
Thu Oct 25 07:36:10 PDT 2007
On or about 2007-10-25 02:27 -0500, Jeremy C. Reed avered:
> I am trying to research this MSIE error: "The security certificate
> presented by this website was not issued by a trusted certificate
> authority."
You need to check the certificate authority 'database' (certificate
store) in the client(s) that are complaining. You may have the cert
trusted by one but not the other. You may also have manually trusted
it in one of them (putting it in your store, not the global store.)
What's the machine:port in question that's giving you errors? I can
check it out.
Some command line clients don't check certs at all, depending on
version.
You might want to 'strace -efile' and see what files it's opening to
see what files it tries to open. Anything in /etc/ssl or such could
be useful. Note that 'stat' without 'open' could be important too,
as it may try to open up a file based on the CN's hash, if it doesn't
find the cert in the big huge cert store.
--
Brian Hatch "Here's my status update: I'm
Systems and aware that it exists."
Security Engineer --Ty
http://www.ifokr.org/bri/
Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists2.linuxjournal.com/pipermail/linux-list/attachments/20071025/0e01265b/attachment.sig
More information about the linux-list
mailing list