gsoap c++ SSL certificate verification failed whe...

praveenps · ‎02-18-2010

Hi,

I`am getting the following error when the sample client application tries to connect VCenter.

I have copied the "rui.crt" file from VCenter (C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL) to the client machine. The client is linux box. I tried after re-generating the certificates at VCenter, but the error persists. Used the following link to regenrate the certs.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=100909...

SOAP 1.1 fault: SOAP-ENV:Client

"SSL_ERROR_SSL

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"

Detail: SSL_connect error in tcp_connect()

The same code works perfectly when connecting to ESX host using ESX hosts certificate.

Thanks,

--Praveen

stumpr · ‎02-19-2010

Praveen,

This looks similar to this issue. It looks like the rui.crt uses an intermediate certificate. I did an openssl verify on the rui.crt from my vCenter 4.0 installation.

I suspect VMware used the same logic to generate the vCenter certificate as was used on the host. I'm not sure you can retrieve the intermediate certificate, however, I'll have to look through the vCenter installation to see if its somewhere accessible.

You can probably resolve this issue by generating your own self-signed certificate.

Essentially the intermediate certificate isn't in the rui.crt file and the strict checking of the openssl library is preventing your connection.

stumpr.

Reuben Stump | http://www.virtuin.com | @ReubenStump

praveenps · ‎02-24-2010

Hi Stumpr,

I triend the details mentioned by you in the other thread, by modifying the /sbin/generate-certificate.sh script.

After doing that i`am getting the same error. I`am trying to connect to ESX 4.0 host.

ON ESX 4.0 HOST

-

# openssl verify /etc/vmware/ssl/rui.crt.new

/etc/vmware/ssl/rui.crt.new: /O=VMware Installer

error 18 at 0 depth lookup:self signed certificate

OK

ON LINUX BOX from where i`am trying to run the client application.

# openssl verify /certs/esx40/rui.crt.new

/certs/esx40/rui.crt.new: /O=VMware Installer

error 18 at 0 depth lookup:self signed certificate

/O=VMware Installer

error 9 at 0 depth lookup:certificate is not yet valid

Could you please suggest what is going wrong? Is this beacuse of the libssl version?

Thanks,

--Praveen

stumpr · ‎02-24-2010

error 9 at 0 depth lookup:certificate is not yet valid

This is a different type of error. Check the dates on the certificate, any chance you created it ahead of the actual clock on the ESX host?

Reuben Stump | http://www.virtuin.com | @ReubenStump

praveenps · ‎02-25-2010

Thanks stumpr!

yes, the date of the machine was an issue.

For VC i generated the certificate and it worked.

All

gsoap c++ SSL certificate verification failed when connecting to VCenter