SSL errors: SSL routines:tls_process_server_certificate:certificate verify failed #119

Open
shekharHPE opened this issue Apr 11, 2019 · 2 comments


@shekharHPE

Client Code: --->

```go
ctx, err := openssl.NewCtxFromFiles("./client_cert/public/client.crt", "./client_cert/private/client.key")
if err != nil {
	log.Fatal(err)
}
err = ctx.LoadVerifyLocations("", "./public/server_cert")
if err != nil {
	log.Fatal(err)
}
ctx.SetVerify(openssl.VerifyPeer, nil)
fmt.Println("here1:")
conn, err := openssl.Dial("tcp", "localhost:8443", ctx, 0)
fmt.Println("here2:")
if err != nil {
	fmt.Println(err.Error())
	return
}
```

Server Code: ----->
```go
	ctx, err := openssl.NewCtxFromFiles("./server_cert/public/server.crt", "./server_cert/private/server.key")
	if err != nil {
		log.Fatal(err)
	}
	err = ctx.LoadVerifyLocations("", "./public/client_cert")
	if err != nil {
		log.Fatal(err)
	}
	ctx.SetVerify(openssl.VerifyPeer, nil)
	l, err := openssl.Listen("tcp", "localhost:8443", ctx)
	if err != nil {
		fmt.Println("Error listening:", err.Error())
		os.Exit(1)
	}
	// Close the listener when the application closes.
	defer l.Close()
	for {
		// Listen for an incoming connection.
		conn, err := l.Accept()
		if err != nil {
			fmt.Println("Error accepting: ", err.Error())
			os.Exit(1)
		}
		// Handle connections in a new goroutine.
		go handleRequest(conn)
	}
}
```

Server Certificate: ---------->
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c0:8a:38:0c:37:1b:1b:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=*
Validity
Not Before: Apr 8 18:37:59 2019 GMT
Not After : Apr 5 18:37:59 2029 GMT
Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=*
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:85:6D:F5:1C:42:59:0F:78:26:42:30:F5:6E:14:55:01:21:17:0F
X509v3 Authority Key Identifier:
keyid:C8:85:6D:F5:1C:42:59:0F:78:26:42:30:F5:6E:14:55:01:21:17:0F

        X509v3 Basic Constraints: 
            CA:TRUE

Client Certificate:------>
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d7:1f:6e:64:86:af:1a:15
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=*
Validity
Not Before: Apr 8 18:38:33 2019 GMT
Not After : Apr 5 18:38:33 2029 GMT
Subject: C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=*
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:90:D3:E2:C1:1A:A8:8D:42:23:11:8F:59:86:A2:56:58:4E:0A:52
X509v3 Authority Key Identifier:
keyid:5A:90:D3:E2:C1:1A:A8:8D:42:23:11:8F:59:86:A2:56:58:4E:0A:52

        X509v3 Basic Constraints: 
            CA:TRUE

What am I trying to achieve: ----->
A mutual certificate authentication between server and client, for which I need to use the VERIFY_PEER. But I am not sure if my code is correct or if I am missing something.

Issue: ---->

I encounter the "SSL errors: SSL routines:tls_process_server_certificate:certificate verify failed" error when I try to connect to the server.
Am I missing any steps or doing something wrong?

Any help is appreciated!!

@shekharHPE

If anyone could share a code snippet for mutual certificate authentication with Verify_Peer, even that would be helpful.

@slucx

slucx commented Jun 15, 2019

```go
conn, err := openssl.Dial("tcp", "localhost:8443", ctx, openssl.InsecureSkipHostVerification)
```
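
For the verify failure reported in this issue, an added example (not code from the issue or from the openssl binding): it swaps in Go's standard `crypto/x509` to show the trust-anchor check behind peer verification, using two constructed self-signed certificates that share one Subject but have different keys, like the pair posted above. The function names, serial numbers and Ed25519 keys are assumptions of the example (the posted certificates use RSA).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewSelfSigned builds a constructed self-signed CA:TRUE certificate; every call
// reuses one Subject (as both certificates in the issue do) with a fresh key.
func NewSelfSigned(serial int64) *x509.Certificate {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{Organization: []string{"Global Security"}, CommonName: "*"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		IsCA:         true, BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced just above always parses
	return cert
}

// VerifyPeer validates peer against the given trust anchors only (no system roots).
func VerifyPeer(peer *x509.Certificate, anchors ...*x509.Certificate) error {
	roots := x509.NewCertPool()
	for _, a := range anchors {
		roots.AddCert(a)
	}
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	server, client := NewSelfSigned(1), NewSelfSigned(2)
	fmt.Println("client trusts only its own cert:", VerifyPeer(server, client))
	fmt.Println("client trusts the server cert:  ", VerifyPeer(server, server))
	fmt.Println("server trusts the client cert:  ", VerifyPeer(client, client))
}
```

A matching Subject is not enough: the anchor must be the certificate whose key produced the signature, so the client's trust store needs the server's certificate and the server's trust store needs the client's.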
