lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev SSL error:Unable to get local issuer certificate-Continue?

From: Clemens Fischer
Subject: Re: lynx-dev SSL error:Unable to get local issuer certificate-Continue?
Date: 3 Dec 2002 04:48:56 +0100
User-agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/21.3.50 (i386-unknown-freebsd4.3) 
"Stef Caunter" <address@hidden>:

> # Still don't know where to put the unix .crt to have it accepted
> # by openssl and not generate the lynx2.8dev9 ssl error.

can't you just get the cert from the server?  you should be able to
use the public-key part of it.  the latest openssl-versions have not
only cert checking, but also revokation-list checking (CRLs).

> # copy the .crt cert to a dir
> # for a server.crt file to make it human readable do
> openssl asn1parse -in server.crt
> # to extract just the pubkey prime number
> # search this output for the number associated with BIT STRING
> # use it as an arg to -strparse like the next line
> openssl asn1parse -in server.crt -strparse 359

this asn-parsing shouldn't be neccessary at all, but for the
conversion of keymaterial into PEM format,

> # to convert the .crt file to a standard certfile that openssl likes
> openssl x509 -inform DER -in server.crt -outform PEM -out new_server.crt

... this is the way to go.  have you tried putting the resulting file
(which you should suffix .pem, btw) into /usr/local/ssl/certs and
rehashing that stuff by using .../ssl/bin/c_rehash?

  clemens

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]