Menu
When I used openssl APIs to validate server certificate (self signed), I got following error :
error 19 at 1 depth lookup:self signed certificate in certificate chain
As per openssl documentation, this error (19) is
"X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain - the certificate chain could be built up using the untrusted certificates but the root could not be found locally."
Why this error occurs ? Any problems with my server certificate ?
687
If certificate verification fails when sending a request, Postman displays an error message in the response pane. To fix the error, turn off SSL verification for the request: Open the request and select the Settings tab. Select Enable SSL certificate verification to turn off this setting.
The error SELF_SIGNED_CERT_IN_CHAIN means that you have self signed certificate in certificate chain which is basically not trusted by the system.
You have a certificate which is self-signed, so it's non-trusted by default, that's why OpenSSL complains. This warning is actually a good thing, because this scenario might also rise due to a man-in-the-middle attack.
To solve this, you'll need to install it as a trusted server. If it's signed by a non-trusted CA, you'll have to install that CA's certificate as well.
Have a look at this link about installing self-signed certificates.
54
Here is one-liner to verify certificate to be signed by specific CA:
openssl verify -verbose -x509_strict -CAfile ca.pem certificate.pem
This doesn't require to install CA anywhere.
See How does an SSL certificate chain bundle work? for details and correct certificate chain handling.
39
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
