How to verify a self-signed certificate from another server using openssl?

Posted by ntsue on Server Fault
Published on 2012-06-27T15:03:59Z Indexed on 2012/06/28 3:18 UTC

I am new to OpenSSL and I am having some trouble verifying (from a client machine) an FTP server using SSL with a self-signed certificate.

I generated the .cer file by going to my server in IIS and exporting the certificate without the private key. I believe that this is all that I should need on the client side, right?

I use the following code to verify the certificate:

openssl verify ftp.cer

and the error that I get back is:

error 20 at 0 depth lookup:unable to get local issuer certificate

I tried this as well:

openssl verify -CAfile ftp.cer ftp.cer

but received the same error.

From what I understand about SSL, this is happening because I have no chain of trust that connects to this server. By default, OpenSSL did not install any trusted CAs and this is fine. I would just like to tell it to trust this server. I tried various tutorials telling me how to add a certificate authority, including this one here; however, the instructions are for Linux and include adding a symlink, and I am trying to do this in Windows.

If anyone could provide any guidance on how to do this, or enlighten me if I am not understanding something correctly, I would greatly appreciate it.

Thanks!
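
An added example, not part of the original post and not run against the asker's ftp.cer: the -CAfile approach from the question, applied to throwaway self-signed certificates. It assumes OpenSSL 1.1.0 or later on PATH; the host names, file names and helper functions are constructed for illustration, and to_pem covers a .cer saved in DER form, because -CAfile expects PEM.

```shell
#!/bin/sh
# Added example; certificates are constructed throwaways, not the asker's ftp.cer.
# Assumes OpenSSL 1.1.0 or later on PATH (verify exits non-zero on failure).
WORK=$(mktemp -d)

# Create a self-signed certificate in PEM form. $1 = CN, $2 = output file.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/key.pem" -out "$2" 2>/dev/null
}

# Normalise a .cer to PEM: the file may be DER (binary) or Base-64 (PEM).
to_pem() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        cp "$1" "$2"
    else
        openssl x509 -inform DER -in "$1" -out "$2"
    fi
}

# True when subject and issuer names hash the same, i.e. the cert is self-issued.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Verify $2 with $1 supplied as the trust anchor via -CAfile.
verify_pinned() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo: a DER export round-trips to PEM and verifies only against itself.
make_selfsigned ftp.example.test "$WORK/server.pem"
make_selfsigned other.example.test "$WORK/other.pem"
openssl x509 -in "$WORK/server.pem" -outform DER -out "$WORK/ftp.cer"
to_pem "$WORK/ftp.cer" "$WORK/ftp.pem"
is_self_issued "$WORK/ftp.pem" && echo "self-issued: yes"
verify_pinned "$WORK/ftp.pem" "$WORK/ftp.pem" && echo "pinned to itself: OK"
verify_pinned "$WORK/other.pem" "$WORK/ftp.pem" || echo "pinned to other cert: rejected"
```

If is_self_issued is false for a certificate, that certificate alone cannot serve as its own trust anchor; the issuer's certificate has to be in the file passed to -CAfile.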
