我正在帮助解决连接ADFS服务器的问题 由于我的专业领域包括linux,我运行了以下命令 - 几乎我改变了IP地址 -
OpenSSL> s_client -connect 106.678.123.456:636 -showcerts
..
CONNECTED(00000003)
depth=0
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0
verify error:num=27:certificate not trusted
verify return:1
depth=0
verify error:num=21:unable to verify the first certificate
verify return:1
显然,ADFS应该采取措施,以便上述命令运行时没有错误。 但是什么? 有人可以帮忙吗?
编辑:
我在这里发了一篇帖子
"verify error:num=20" when connecting to gateway.sandbox.push.apple.com
这表明我花了很多时间远离openssl输出
让我解决下面的问题
只进行了4次更改 - IP已更改,标识公司的3个字母已更改为XYZ - i:/DC=local/DC=RDM/CN=XYZ-SVR019-CA加上
出于隐私原因,我删除了一些实际证书和Master-Key
主题真的是空的
openSSL> s_client -connect 106.678.123.456:636 -showcerts
CONNECTED(00000003)
depth=0
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0
verify error:num=27:certificate not trusted
verify return:1
depth=0
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:
i:/DC=local/DC=RDM/CN=XYZ-SVR019-CA
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgITcAAAADmcA9tVRxdmtwAAAAAAOTANBgkqhkiG9w0BAQUF
...
YwWjkDS6RqBf+9C4rEIhhUpYBqMlLh0Cy7xYUMR2moEPYSBQ6HxCLSgv
-----END CERTIFICATE-----
Server certificate
subject=
issuer=/DC=local/DC=RDM/CN=XYZ-SVR019-CA
---
No client certificate CA names sent
---
SSL handshake has read 1655 bytes and written 619 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : AES128-SHA256
Session-ID: 6B25000069CFD515953FDDDE1C3A3560DBE74FC271CA525BDA7BD2348C7F47F5
Session-ID-ctx:
Master-Key: C4......9A
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1467282145
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)