openssl issues (a tiny bit off topic)

From: Matty (
Date: 11/21/02

From: "Matty" <>
Date: Wed, 20 Nov 2002 19:35:06 -0500

Does anyone know where Verisign keeps their root certificates? I
am developing a script to test a secure website, and the following

openssl s_client -connect << EOF
GET / HTTP/1.0



[matty@pooh matty]$ openssl s_client -connect |more
depth=1 /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
International Server CA - Class 3/ Ref.
verify error:num=20:unable to get local issuer certificate
verify return:0

I assume that the "unable to get local issuer certificate" is
telling me that it doesn't have the root cert to verify the
cert supplied by the server. Anyone know where Verisign keeps their root
certs? I have been browsing their website, and can't find squat.
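
Added example, not part of the original post: the s_client output above reports error 20 at depth 1, which means the verifier has the server's intermediate certificate but no local copy of the certificate that issued it. The script below reproduces that offline with a constructed three-certificate chain (every name and file is made up here) and shows the error clear once the root is supplied with -CAfile; it assumes OpenSSL 1.1.0 or later for -no-CAfile and -no-CApath.

```shell
#!/bin/sh
# Added example: every certificate here is a constructed throwaway, not a real CA.

# Build root -> intermediate -> leaf in directory $1.
make_chain() {
    d=$1
    # Extensions that mark a certificate as a CA (used for root and intermediate).
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$d/ca.ext"
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/O=Constructed Example/CN=$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    # Self-signed root.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -extfile "$d/ca.ext" \
        -days 1 -out "$d/root.pem" 2>/dev/null || return 1
    # Intermediate signed by the root.
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 1 -out "$d/int.pem" 2>/dev/null || return 1
    # Leaf signed by the intermediate.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# The server supplies leaf + intermediate; the client has no trust anchor
# (the situation in the post). Prints openssl's output, returns its status.
verify_without_root() {
    openssl verify -no-CAfile -no-CApath -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1
}

# Same chain, but the root is handed to the verifier as a trust anchor.
verify_with_root() {
    openssl verify -no-CApath -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_chain "$tmp" || return 1
    echo "--- no trust anchor ---"
    verify_without_root "$tmp" || true    # expected to fail with error 20
    echo "--- root via -CAfile ---"
    verify_with_root "$tmp"
    rm -rf "$tmp"
}
demo
```

openssl s_client accepts the same -CAfile and -CApath options.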

