Openssl : error "self signed certificate in certificate chain"

c linux openssl ssl-certificate verify
Lunar Mushrooms picture Lunar Mushrooms · Aug 29, 2012 · Viewed 159.7k times · Source

When I used openssl APIs to validate server certificate (self signed), I got following error :

error 19 at 1 depth lookup:self signed certificate in certificate chain

As per openssl documentation, this error (19) is

"X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: self signed certificate in certificate chain - the certificate chain could be built up using the untrusted certificates but the root could not be found locally."

Why this error occurs ? Any problems with my server certificate ?

Answer

Eitan T picture Eitan T · Aug 29, 2012

You have a certificate which is self-signed, so it's non-trusted by default, that's why OpenSSL complains. This warning is actually a good thing, because this scenario might also rise due to a man-in-the-middle attack.

To solve this, you'll need to install it as a trusted server. If it's signed by a non-trusted CA, you'll have to install that CA's certificate as well.

Have a look at this link about installing self-signed certificates.

Related questions

How to compile .c file with OpenSSL includes?

I am trying to compile a small .c file that has the following includes: #include <openssl/ssl.h> #include <openssl/rsa.h> #include <openssl/x509.h> #include <openssl/evp.h> In the …

Read More
Build OpenVPN with specific OpenSSL version

Similar questions have been asked before, but the answers no longer seem to apply as the flags have changed for the configure script. I am trying to compile OpenVPN from the git source on Ubuntu 14.04.5 on both x86 and x64. …

Read More
validating X.509 certificate on linux

I have just started working with X.509 certificates. Can any one tell me how to go about validating a certificate on linux? The use case is that my app had downloaded a certificate in a previous session and I have …

Read More