Hot chate gr - Validating identity unable to find a certificate

You can change the trust settings of certificates to allow specific actions.

The (cleaned up) output of the raw openssl command is as follows:

    depth=0 CN = smtpserver-ch-01
    verify error:num=20:unable to get local issuer certificate
    verify return:1
    depth=0 CN = smtpserver-ch-01
    verify error:num=21:unable to verify the first certificate
    verify return:1
    CONNECTED(00000003)
    ---
    Certificate chain
     0 s:/CN=smtpserver-ch-01
       i:/CN=smtpserver-ch-01
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    *** CERTIFICATE DATA
    -----END CERTIFICATE-----
    subject=/CN=smtpserver-ch-01
    issuer=/CN=smtpserver-ch-01
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read *** bytes and written *** bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES128-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol : TLSv1
        Cipher : AES128-SHA
        Session-ID: ***
        Session-ID-ctx:
        Master-Key: ***
        Key-Arg : None
        Krb5 Principal: None
        PSK identity: None
        PSK identity hint: None
        Start Time: ***
        Timeout : 300 (sec)
        Verify return code: 21 (unable to verify the first certificate)
    ---
    250 XSHADOW

Sending message to [email protected]; Attempt attempt 0 of 20...

    keyStore is :
    keyStore type is : jks
    keyStore provider is :
    init keystore
    init keymanager of type SunX509
    trustStore is: certs/cacerts_1.8.0_73
    trustStore type is : jks
    trustStore provider is :
    init truststore
    adding as trusted cert:
      ** Standard certificates **
    adding as trusted cert:
      Subject: CN=smtpserver-ch-01
      Issuer: CN=smtpserver-ch-01
      Algorithm: RSA; Serial number: **********************************
      Valid from ddd MMM DD CEST 2013 until ddd MMM DD CEST 2018
    adding as trusted cert:
      ** The rest of the standard certificates **
    trigger seeding of SecureRandom
    done seeding SecureRandom
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: XXX bytes =
    Session ID:
    Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
    Compression Methods:
    Extension server_name, server_name: [host_name: exchange.***.com]
    ***
    main, WRITE: TLSv1 Handshake, length = **
    main, READ: TLSv1 Handshake, length = ***
    *** ServerHello, TLSv1
    RandomCookie: GMT: XXX bytes =
    Session ID:
    Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
    Compression Method: 0
    Extension renegotiation_info, renegotiated_connection:
    ***
    %% Initialized: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
    ** TLS_RSA_WITH_AES_128_CBC_SHA
    *** Certificate chain
    chain [0] = [
    [
      Version: V3
      Subject: CN=smtpserver-ch-02
      Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
      Key: Sun RSA public key, xxx bits
      modulus: ***
      public exponent: ***
      Validity: [From: ddd MMM DD CEST 2013,
                   To: ddd MMM DD CEST 2018]
      Issuer: CN=smtpserver-ch-02
      SerialNumber: [ xxx ]
    Certificate Extensions: 4
    [1]: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
      CA:false
      PathLen: undefined
    ]
    [2]: ObjectId: 2.5.29.37 Criticality=false
    ExtendedKeyUsages [
      serverAuth
    ]
    [3]: ObjectId: 2.5.29.15 Criticality=true
    KeyUsage [
      DigitalSignature
      Key_Encipherment
    ]
    [4]: ObjectId: 2.5.29.17 Criticality=false
    SubjectAlternativeName [
      DNSName: smtpserver-ch-02
      DNSName: smtpserver-ch-02.
    ]
    ]
      Algorithm: [SHA1withRSA]
      Signature:
    *** SIGNATURE HEX DUMP ***
    ]
    ***
    %% Invalidated: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
    main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
    main, WRITE: TLSv1 Alert, length = 2
    main, called closeSocket()
    main, handling exception: ssl. ValidatorException: PKIX path building failed: sun.security.provider.certpath.

Signature validity is determined by checking the authenticity of the signature’s digital ID certificate status and document integrity. In Acrobat or Reader, the signature of a certified or signed document is valid if you and the signer have a trust relationship.

The trust level of the certificate indicates the actions for which you trust the signer.

My router settings: ipconfig/all results from the XP box: Again, this card a week ago.

I can't figure out why I can't get it up and running now.

We're deploying a wireless network using Windows Server 2008 NAC as a RADIUS server.

When Windows XP or 7 clients connect they initially fail to connect.

In order to enable the client to connect we have to add the network manually and un-check the "Validate server certificate" as shown in the screenshot below.
