Skip to Content.
Sympa Menu

cat-users - Re: [cat-users] The server certificate could not be verified to the root CA you configured in your profile!

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [cat-users] The server certificate could not be verified to the root CA you configured in your profile!


Chronological Thread 
  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Torkil Svensgaard <torkil AT drcmr.dk>, cat-users AT geant.net
  • Subject: Re: [cat-users] The server certificate could not be verified to the root CA you configured in your profile!
  • Date: Thu, 3 Sep 2015 05:51:35 +0200
  • List-archive: <http://mail.geant.net/pipermail/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>

Hello,

> I'm in the process of setting up my institutions IdP and I'm getting
> the following error when doing the live login test:
>
> "
> Test FAILED: authentication succeded. Some configuration errors were
> observed; the list is below.
> ...
> The server certificate could not be verified to the root CA you
> configured in your profile!
> "
>
> I'm using self signed keys and the server certificate seems to verify
> as it should:
>
> "
> # openssl verify -CAfile ca.pem server.pem
> server.pem: OK
> "
>
> Is the error misleading or did I misunderstand something?

We haven't had false alerts with that one yet, so I'd think there is
something wrong/a bit special with your setup.

Did you mean to say self-signed *certificates*? I don't know what
self-signed *keys* would be.

If you did mean self-signed certs - that term is usually used when the
CA cert is identical to the server certificate. You have two different
file names in your command-line. So, is the CA different from the server?

Did you have any other errors or warnings besides this one?

Finally, it would help if you could attach the CA cert and server cert
so I can run some tests of my own

Greetings,

Stefan Winter

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page