SSL handshake fails with - a verisign chain certificate - that contains two CA signed certificates and one self-signed certificate

Question

I am stuck with a issue and trying to debug it. We purchased a Verisign certificate. When we use:

openssl> s_client -connect myweb.com:443 -showcerts
         


        

Answer 1

When you see "Verify return code: 19 (self signed certificate in certificate chain)", then, either the servers is really trying to use a self-signed certificate (which a client is never going to be able to verify), or OpenSSL hasn't got access to the necessary root but the server is trying to provide it itself (which it shouldn't do because it's pointless - a client can never trust a server to supply the root corresponding to the server's own certificate).

Again, adding -showcerts will help you diagnose which.