[ssh_x509] pkixssh-8.0b1 source pack

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sat Mar 29 20:15:42 EET 2014

ssh_x509 at roumenpetrov.info wrote:
> I am getting following error with beta ecc complied package, please advice
> [SNIP]
> debug1: Host 'ssh-x509' is known and matches the ECDSA+cert host key.
> debug1: Found key in /root/.ssh/known_hosts:1
> debug3: ssh_x509_verify: signature format = x509v3-ecdsa-sha2-nistp256
> debug3: ssh_x509_verify: md=ecdsa-sha2-nistp256, loc=4
> debug3: ssh_x509store_verify_cert: for 'CN=ssh-x509.confidential.net
> ,OU=admin,O=confidential'
> ssh_x509store_cb:
> subject='CN=ssh-x509.confidential.net,OU=admin,O=confidential',
> error 20 at 0 depth lookup:unable to get local issuer certificate
> ssh_verify_cert: verify error, code=20, msg='unable to get local issuer
> certificate'
> debug3: ssh_x509store_verify_cert: return -1(error)
> debug3: ssh_x509_verify: return -1
> key_verify failed for server_host_key
a) Certificate cannot be self issued.
b) You could test certificates in you "x509 store" with openssl verify 
command with -CApath  and -CAfile pointing to the same locations as in 
ssh configuration .

I don't know you certificate chain to tell you where to put certificates 
from chain .

Where is issuer certificate of  of "CN=ssh-x509.confidential.net,OU=admin,O=confidential"  ? Is located in host key  or in client "x509 store" ?

> Regards,
> Mudassir Aftab

More information about the ssh_x509 mailing list