• caglararli@hotmail.com
  • 05386281520

using stunnel or openssl to verify a remote certificate

Çağlar Arlı      -    33 Views

using stunnel or openssl to verify a remote certificate

I am using stunnel as a wrapper for using TLS/SSL to a remote port in Windows 10. My understanding is that stunnel uses openssl for the heavy lifting. Everything seems to be working, but I cannot get a verification on the certificate. So, to simplify things, I am trying to verify the certificate directly using openssl in command line mode. I fire up a powershell and change directory to where I have some certificates stored c:\Certificates
Next, I run openssl. At the openssl prompt, I type:

OpenSSL> verify Cert_Entrust.pem

The response is the following:

O = Entrust.net, OU = www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU = (c) 1999 Entrust.net Limited, CN = Entrust.net Certification Authority (2048)
error 18 at 0 depth lookup: self signed certificate
error Cert_Entrust.pem: verification failed
error in verify

I am trying to understand the nature of this error message. Given other things I have tried, it seems that the certificate authority is recognized. However, the error saying that there is a "self signed certificate" is mystifying, because my understanding is that every certificate chain has at root a self-signed certificate.

Any help here would be appreciated. It seems this should have a trivial solution, but it is certainly eluding me...