The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

openssl s_client problems

Discussion in 'General Discussion' started by Shamele, Feb 1, 2004.

  1. Shamele

    Shamele Member

    Dec 31, 2001
    Likes Received:
    Trophy Points:
    We have bought a Geotrust QuickSSL cert and installed it via cPanel/WHM. Everything looks as expected -- the cert and key were accepted, and when we look at the cabundle for the domain it displays the correct Issuer (C=US, O=Equifax, OU=Equifax Secure Certificate Authority). When we connect to the site via we run into no problems and the browser specificies the correct certificate.

    We are having trouble setting up our SSL certs to connect to vendor's servers that require an SSL connection using the openssl s_client. When we try this command: openssl s_client -connect, we receive a number 19 error ("self signed certificate") and a "No client certificate CA names sent" message.

    Besides letting WHM automatically set everything up, we have also tried manually configuring SSL in the httpd.conf, placing the certs in the default directories (/usr/local/apache/etc/, and also manually placing the certs in the default WHM directories (/usr/share/ssl/). We have also edited the ca-bundle file to only include the CA, Equifax. Each time, SSL works for clients, and WHM indicates that everything is set up and working correctly. When we run openssl verify on the certs themselves on the command line, they all verify OK. Every time we run s_client, even when connecting to our client's domain that we have set up SSL for, it gives us these errors. Although, when I use s_client to connect to our client's domain, it displays the correct cert and CA for that domain, which indicates it is set up and receiving connections but we receive the error 19 that indicates that our certs aren't being sent out.

    The domain we are setting up is a client's domain on a shared hosting server, with a dedicated IP for their domain. They are the only domain on the server that has SSL set up for them. We are running apache 1.3.28 with openssl 0.9.7a on RedHat9.0 Linux, with a GeoTrust QuickSSL certificate.

    If anyone has any ideas why we keep receiving s_client number 19 errors, or why it does not find the CA names, please let us know. Is there some special configuration s_client needs in order to find the certs and pass them to the vendor's server?


Share This Page