
curl-library

SSL CERT Verification

From: Sasikala Raju <sasikalaraju_at_commvault.com>
Date: Mon, 11 Apr 2016 06:57:41 +0000

Hello Team,

While establishing a connection for the https protocol, we are facing an issue with certification, although the CA bundle has the required cert.
It's happening only in the customer environment, whereas all test machines are able to successfully verify the certificate.

The root certificate required is Entrust Root Certification Authority - G2, and it is present in the CA bundle provided. The CA bundle used on both machines is the same.
Is there any reason it's failing only in a specific environment though the CA bundle is the same?

Cert hierarchy:

[image: image001.png]

Below are the curl traces from the successful one and the failed one. Could you please help here?

Success one:

1528 da4 04/11 06:42:18 ### Public: == cURL Info: SSL: created a context.
1528 da4 04/11 06:42:18 ### Public: == cURL Info: successfully set certificate verify locations:
1528 da4 04/11 06:42:18 ### Public: == cURL Info: CAfile: D:\Program Files\Commvault\ContentStore\Base\curl-ca-bundle.crt
  CApath: none
1528 da4 04/11 06:42:18 ### Public: == cURL Info: SSLv3, TLS handshake, Client hello (1):
1528 da4 04/11 06:42:18 ### Public: == cURL Info: SSLv3, TLS handshake, Server hello (2):
1528 da4 04/11 06:42:18 ### Public: == cURL Info: SSLv3, TLS handshake, CERT (11):
1528 da4 04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS handshake, Server key exchange (12):
1528 da4 04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS handshake, Server finished (14):
1528 da4 04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS handshake, Client key exchange (16):
1528 da4 04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS change cipher, Client hello (1):
1528 da4 04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS handshake, Finished (20):
1528 da4 04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS change cipher, Client hello (1):
1528 da4 04/11 06:42:19 ### Public: == cURL Info: SSLv3, TLS handshake, Finished (20):
1528 da4 04/11 06:42:19 ### Public: == cURL Info: SSL connection using ECDHE-RSA-AES256-SHA384
1528 da4 04/11 06:42:19 ### Public: == cURL Info: Server certificate:
1528 da4 04/11 06:42:19 ### Public: == cURL Info: subject: C=US; ST=New Jersey; L=Oceanport; O=Commvault Systems; CN=*.commvault.com
1528 da4 04/11 06:42:19 ### Public: == cURL Info: start date: 2015-05-27 14:30:01 GMT
1528 da4 04/11 06:42:19 ### Public: == cURL Info: expire date: 2018-07-25 22:34:19 GMT
1528 da4 04/11 06:42:19 ### Public: == cURL Info: subjectAltName: edc.commvault.com matched
1528 da4 04/11 06:42:19 ### Public: == cURL Info: issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust Certification Authority - L1K
1528 da4 04/11 06:42:19 ### Public: == cURL Info: SSL certificate verify ok.

Failed one:

8584 1d74 04/07 09:42:06 ### Public: == cURL Info: SSL: created a context.
8584 1d74 04/07 09:42:06 ### Public: == cURL Info: successfully set certificate verify locations:
8584 1d74 04/07 09:42:06 ### Public: == cURL Info: CAfile: R:\Program Files\CommVault\Simpana\Base\curl-ca-bundle.crt -> This file does have Entrust Root Certification Authority - G2.
  CApath: none
8584 1d74 04/07 09:42:06 ### Public: == cURL Info: SSLv3, TLS handshake, Client hello (1):
8584 1d74 04/07 09:42:06 ### Public: == cURL Info: SSLv3, TLS handshake, Server hello (2):
8584 1d74 04/07 09:42:06 ### Public: == cURL Info: SSLv3, TLS handshake, CERT (11):
8584 1d74 04/07 09:42:06 ### Public: == cURL Info: SSLv3, TLS alert, Server hello (2):
8584 1d74 04/07 09:42:06 ### Public: == cURL Info: SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
8584 1d74 04/07 09:42:06 ### Public: == cURL Info: Closing connection #0
8584 1d74 04/07 09:42:06 ### Public: == cURL Info: SSLv3, TLS alert, Client hello (1):

Thanks,
Sasikala Raju.

Received on 2016-04-11