Summary
I need to download a self-signed certificate from a server, to create a .JKS-file to use as truststore in an application. How can I do that from a Red Hat server?
What I have tried
I have tried using openssl to get the certificate:
echo -n | openssl s_client -connect hostname.example.com:20000 -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > downloadedcerts.cert
This fails with the following message:
verify error:num=19:self signed certificate in certificate chain
Indeed, the root certificate of this server is self signed, and not from a CA. I'm fine with this - the root cert belongs to a government agency in my country - but openssl won't connect to download the cert.
It would be easy to load the URL in Firefox, manually ignore the certificate error and download the cert, but I can't connect to the server from my desktop machine because of firewalls.
Any help would be much appreciated :)
I'm not creating the certificate myself. It is created by a government agency (which also runs the server I'm trying to connect to) so I really have to work with the existing certificate. – MW. – 2014-07-12T14:15:54.763
Sorry for not getting that when I "answered" the question. I'll try again with an edit. – ZuberFowler – 2014-07-12T23:16:25.933
"I hadn't been thinking of a root certificate as being self-signed" - All public CA roots are self signed. That means both the Subject and Issuer are the same. Most (many?) public CAs are marked as CA=true,critical. – jww – 2014-07-13T19:21:38.653
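The task described in the question, as an added example that is not part of the original post or its comments: openssl s_client reports verify errors such as num=19 on stderr but by default still completes the handshake and prints the chain, so the self-signed root can be picked out (Subject equal to Issuer) and imported with keytool. A certificate fetched this way is unauthenticated, so the script shows its SHA-256 fingerprint for comparison against a value obtained from the issuer through another channel before importing. The function names, the truststore file name and the alias are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pull the chain a server presents, pick the self-signed root,
# and import it into a JKS truststore after a manual fingerprint check.

# Split a PEM stream on stdin into DIR/cert-1.pem, cert-2.pem, ...; prints the count.
split_pem() {
    dir=$1
    awk -v dir="$dir" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }'
}

# Succeeds when Subject and Issuer of the certificate are identical (self-signed).
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# fetch_root HOST:PORT TRUSTSTORE.jks ALIAS  (hypothetical helper)
fetch_root() {
    target=$1 store=$2 cert_alias=$3
    tmp=$(mktemp -d) || return 1
    # Verify errors go to stderr; the chain is still printed on stdout.
    count=$(openssl s_client -connect "$target" -servername "${target%%:*}" -showcerts </dev/null 2>/dev/null | split_pem "$tmp")
    i=1
    while [ "$i" -le "$count" ]; do
        if is_self_signed "$tmp/cert-$i.pem"; then
            openssl x509 -in "$tmp/cert-$i.pem" -noout -subject -fingerprint -sha256
            printf 'Fingerprint matches the one published by the issuer? [y/N] '
            read -r answer
            [ "$answer" = y ] || { echo "not imported" >&2; return 1; }
            keytool -importcert -noprompt -alias "$cert_alias" -file "$tmp/cert-$i.pem" -keystore "$store" -storetype JKS
            return
        fi
        i=$((i + 1))
    done
    echo "no self-signed certificate among the $count certificate(s) sent" >&2
    return 1
}

# Runs only with three arguments, e.g. hostname.example.com:20000 truststore.jks gov-root
if [ "$#" -eq 3 ]; then fetch_root "$@"; fi
```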