Identifying Unverified Certificates Using openssl - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration Guide

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.05, 17.00
Published: September 2020
Language: Japanese
Last Update: 2021-03-30
dita:id: B035-1100
Product Category: Software, Teradata Vantage

If verify error:num=20 occurs, you can use openssl to display the certificate chain. The output shows a chain that ends at an issuer for which there is no certificate. An example follows:

depth=1 /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
verify error:num=20:unable to get local issuer certificate
verify return:0
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=California/L=El Segundo/O=Teradata/OU=Domain Controllers/CN=sussan140.td.teradata.com
   i:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
-----BEGIN CERTIFICATE-----
…snipped…
-----END CERTIFICATE-----
 1 s:/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSig
   i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
-----BEGIN CERTIFICATE-----
…snipped…
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=California/L=El Segundo/O=Teradata/OU=Domain Controllers/CN=sussan140.td.teradata.com
issuer=/O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
---
Acceptable client certificate CA names
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority - G2/OU=(c)1998 VeriSign,Inc.-For authorized use only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
/DC=com/DC=microsoft/CN=Microsoft Root Certificate Authority
---
SSL handshake has read 5299 bytes and written 312 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE

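The error occurred at depth 1, that is, at the certificate one step down the certificate chain, and openssl could not verify that certificate. This error indicates that openssl could not find the issuer certificate or an acceptable client certificate.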
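
The reading of the output described above can be automated. The following Python parser is an added example, not part of the Teradata guide: it takes saved openssl output of this shape and reports, for each verify error, the issuer DN whose certificate the local trust store lacks. The function name `analyze` and the shortened sample DNs are constructed for illustration.

```python
import re

# Constructed sample shaped like the output above (DNs shortened, PEM blocks omitted).
SAMPLE = """\
depth=1 /O=Example Trust Network/OU=Example Intermediate CA
verify error:num=20:unable to get local issuer certificate
verify return:0
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/O=Example Corp/CN=db.example.test
   i:/O=Example Trust Network/OU=Example Intermediate CA
 1 s:/O=Example Trust Network/OU=Example Intermediate CA
   i:/C=US/O=Example Root/OU=Example Primary CA
---
"""

def analyze(output):
    """Parse the text; return (verify errors, chain, issuer DNs absent from the chain)."""
    errors, chain = [], []
    depth = subject = None
    for line in output.splitlines():
        if m := re.match(r"depth=(\d+)\s+(.*)", line):
            # The depth line names the certificate that the next error refers to.
            depth, subject = int(m.group(1)), m.group(2).strip()
        elif m := re.match(r"verify error:num=(\d+):(.*)", line):
            errors.append({"depth": depth, "subject": subject,
                           "num": int(m.group(1)), "reason": m.group(2).strip()})
        elif m := re.match(r"\s*(\d+) s:(.*)", line):
            chain.append({"index": int(m.group(1)),
                          "subject": m.group(2).strip(), "issuer": None})
        elif (m := re.match(r"\s+i:(.*)", line)) and chain:
            chain[-1]["issuer"] = m.group(1).strip()
    by_subject = {c["subject"]: c for c in chain}
    # An issuer that never appears as a subject was not sent by the server,
    # so its certificate has to come from the local trust store.
    missing = [c["issuer"] for c in chain
               if c["issuer"] and c["issuer"] not in by_subject]
    for e in errors:
        cert = by_subject.get(e["subject"])
        e["needs_issuer"] = cert["issuer"] if cert else None
    return errors, chain, missing

if __name__ == "__main__":
    for e in analyze(SAMPLE)[0]:
        print(f"depth {e['depth']}: error {e['num']} ({e['reason']}); "
              f"trust store lacks: {e['needs_issuer']}")
```

Matching is by exact DN string, so a DN that was truncated when the output was captured will not pair with its full form and will be reported as missing.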