[PERDITION-USERS] Install Commercial Certificate on Perdition.

Simon Horman horms at verge.net.au
Tue Apr 14 17:43:37 EST 2009 

On Wed, Apr 08, 2009 at 09:40:37AM -0500, Michael Fernández M wrote:
> Hi.
> 
> I'am trying to install a Comodo Cert to perdition and replace the
> self-signed certs.....
> 
> >From Comodo i have:
> - enjoy_comodo_ssl.crt
> - commercial.key 
> - Entrust Root 
> - intermediate certificate (AAA Intermediate)
> 
> With "Entrust Root" and "intermediate certificate" I create one file and
> that put in: ssl_ca_chain_file
> 
> I created that file this way: cat EntrustSecureServerCA.crt
> AAACertificateServices_2.crt  > /tmp/ca_bundle.crt
> 
> 
> I have modify the following lines:
> 
> ssl_cert_file /path/to/enjoy_comodo_ssl.crt
> 
> ssl_key_file /path/to/commercial.key
> 
> ssl_ca_chain_file  /path/to/ca_bundle.crt
> 
> Then i restarted Perdition, and when i run:
> 
> openssl  s_client -port 993
> 
> depth=0 /C=CL/postalCode=7561115/ST=Metropolitana/L=Santiago/streetAddress=Las Condes/streetAddress=Av. Rosario Norte 555, Piso 10/O=Enjoy Gestion Ltda/OU=Servicios Web/OU=Issued through Enjoy Gestion Ltda. E-PKI Manager/OU=Comodo PremiumSSL Wildcard
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> 
> depth=0 /C=CL/postalCode=7561115/ST=Metropolitana/L=Santiago/streetAddress=Las Condes/streetAddress=Av. Rosario Norte 555, Piso 10/O=Enjoy Gestion Ltda/OU=Servicios Web/OU=Issued through Enjoy Gestion Ltda. E-PKI Manager/OU=Comodo PremiumSSL Wildcard
> verify error:num=27:certificate not trusted
> verify return:1
> 
> depth=0 /C=CL/postalCode=7561115/ST=Metropolitana/L=Santiago/streetAddress=Las Condes/streetAddress=Av. Rosario Norte 555, Piso 10/O=Enjoy Gestion Ltda/OU=Servicios Web/OU=Issued through Enjoy Gestion Ltda. E-PKI Manager/OU=Comodo PremiumSSL Wildcard
> verify error:num=21:unable to verify the first certificate
> verify return:1
> 
> Verify return code: 21 (unable to verify the first certificate)
> 
> Why can not verify the cert?, What i am doing wrong?
> 
> when i connect with Outlook I got the same error.
> 
> Thanks a lot...

Hi Michael,

sorry for the delay in responding.

I could be wrong but it appears that it is s_client that is having trouble
virifying the certificate, not perdition.  Perhaps you need to teach
s_client about EntrustSecureServerCA.crt and AAACertificateServices_2.crt ?

-- 
Simon Horman
  VA Linux Systems Japan K.K., Sydney, Australia Satellite Office
  H: www.vergenet.net/~horms/             W: www.valinux.co.jp/en

More information about the Perdition-users mailing list