Jks converted to Pem error in veirfying

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Jks converted to Pem error in veirfying

anilmathew001
I am a novice in terms of ssl and hence have limited knowledge in this.
Please help

I have been a given a jks file that has server certificate, client
certificate and a key for the client certificate.  I need to convert it to
pem to use it in my application.

I have converted a jks file to p12 and then to pem.
However when i try to verify i get the following error.

echo |openssl verify -verbose -purpose sslclient -issuer_checks -CApath
C:\Data\Openssl\demoCA\certs -CAfile client.pem client.pem
client.pem: /CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 20 at 0 depth lookup:unable to get local issuer certificate

Regards
Anil


















Sent with MailTrack

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Jks converted to Pem error in veirfying

Jan Just Keijser-2
Hi,

On 10/01/16 05:15, Anil Mathew wrote:
I am a novice in terms of ssl and hence have limited knowledge in this.
Please help

I have been a given a jks file that has server certificate, client
certificate and a key for the client certificate.  I need to convert it to
pem to use it in my application.

I have converted a jks file to p12 and then to pem.
However when i try to verify i get the following error.

echo |openssl verify -verbose -purpose sslclient -issuer_checks -CApath
C:\Data\Openssl\demoCA\certs -CAfile client.pem client.pem
client.pem: /CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 20 at 0 depth lookup:unable to get local issuer certificate

this could be a PRINTABLE_STRING  / UTF8_STRING mismatch - can you send me the certificates (not the key!) via private email and I will have a look. There are some funky options you can add to openssl to see how the certificate is composed.

Also, it would help to list the exact version of openssl that you are using (run 'openssl version').

HTH,

JJK


_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: Jks converted to Pem error in veirfying

anilmathew001
Hi Jan,
Thanks for you reply.  I have sent you the mail with the certificates.  The version is.
OpenSSL 0.9.8k 25 Mar 2009

​Regards
Anil​


















Sent with MailTrack

On Tue, Jan 12, 2016 at 2:02 AM, Jan Just Keijser <[hidden email]> wrote:
Hi,

On 10/01/16 05:15, Anil Mathew wrote:
I am a novice in terms of ssl and hence have limited knowledge in this.
Please help

I have been a given a jks file that has server certificate, client
certificate and a key for the client certificate.  I need to convert it to
pem to use it in my application.

I have converted a jks file to p12 and then to pem.
However when i try to verify i get the following error.

echo |openssl verify -verbose -purpose sslclient -issuer_checks -CApath
C:\Data\Openssl\demoCA\certs -CAfile client.pem client.pem
client.pem: /CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 29 at 0 depth lookup:subject issuer mismatch
/CN=cn/O=o/L=L/ST=il/C= c
error 20 at 0 depth lookup:unable to get local issuer certificate

this could be a PRINTABLE_STRING  / UTF8_STRING mismatch - can you send me the certificates (not the key!) via private email and I will have a look. There are some funky options you can add to openssl to see how the certificate is composed.

Also, it would help to list the exact version of openssl that you are using (run 'openssl version').

HTH,

JJK


_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




--
Best Regards
Anil Mathew

_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users