Forum Discussion
bluepet_10591
Jun 17, 2011Altostratus
Got the client cert, test it out with the trusted bundle certificate that I had (original)
got this error when I did this
openssl verify -purpose sslclient -CAfile mybundle.crt client.crt
error 20 at 0 depth lookup:unable to get local issuer certificate
add the intermediate cert from thawte into the mybundle.crt
openssl verify -purpose sslclient -CAfile mybundle+intermediate.crt client.crt
error 2 at 1 depth lookup:unable to get issuer certificate
install the verisign cert into the bundle and got it to work
client.crt : ok
note client cert is as follow
verisign
-- thawte
-----client.domain.cert
so looked like you need to install all the cert in the chain if it is missing in your current trusted cert namely
paste the cert from verisign & thawte into your current bundle. Tested it and it does not matter the order of you pasted them
namely cat verisign.crt >> mybundle.crt and then cat thawte.crt >> mybundle.crt
You need to view and export the certificate from der format to pem first to get it into clear text. The chain certificates comes together with the client cert.