Self signed certificate being flagged as a error.

Charles Swiger cswiger at
Wed May 13 18:37:51 UTC 2015

On May 12, 2015, at 6:02 PM, Ernie Luzar <luzar722 at> wrote:
[ ... ]
> Then I did this command using the certificate outputted  by the  above openssl verify cacert.pem
> cacert.pem: C =US, ST = PA, L = Pittsburgh, CN  =  *
> error 18 at 0 depth lookup:self signed certificate
> ok
> Why does openssl think this is a error and how can I fix this so it will work?

It means that your CA isn't trusted by openssl.

Update your openssl.cnf to reference your local CA setup, or feed openssl the
-CApath / -CAfile arguments to the CA cert which signed the self-signed cert that
you are trying to validate.

One doesn't normally validate the CA cert itself; it's the root of the trust chain
and either it is trusted explicitly or it isn't.  One normally validates certs which
have been signed by a CA; the CA cert should never be used for anything except signing
other certs.


More information about the freebsd-questions mailing list