Fix OpenSSL Error 14090086: Step-by-Step Guide on Resolving SSL3 Get Server Certificate Verification Failure

OpenSSL is a widely used open-source toolkit that implements the SSL and TLS protocols for secure communication over networks. However, it is not uncommon to encounter errors when configuring or using OpenSSL. One such error is OpenSSL error 14090086, also known as the SSL3 Get Server Certificate Verification Failure.

This guide will help you resolve this error by providing a step-by-step solution. We will also cover some frequently asked questions to help you better understand the issue and its solutions.

Table of Contents

  1. Understanding OpenSSL Error 14090086
  2. Step-by-Step Guide to Resolve the Error
  3. FAQs

Understanding OpenSSL Error 14090086

Error 14090086 is an SSL3 Get Server Certificate Verification Failure that occurs when the client is unable to verify the server's SSL/TLS certificate. This error can be caused by various factors, including:

  • An expired or invalid server certificate
  • Incorrect server configuration
  • Issues with the client's trust store or certificates
  • Network issues
  • Bugs in the OpenSSL library

Understanding the root cause of the error is essential for resolving it. The following step-by-step guide will help you identify and fix the issue.

Step-by-Step Guide to Resolve the Error

Step 1: Check the Server Certificate

First, ensure that the server has a valid SSL/TLS certificate. You can use the following OpenSSL command to check the certificate details:

openssl s_client -connect example.com:443 -servername example.com -showcerts

Replace example.com with your domain name. If the certificate is invalid or expired, you will need to obtain a new one from a Certificate Authority (CA).

Step 2: Verify the Server Configuration

Next, check the server configuration to ensure that it is set up correctly. This includes verifying that the correct certificate and private key files are being used and that the SSL/TLS protocols and cipher suites are properly configured.

Refer to your server's documentation for detailed instructions on configuring SSL/TLS.

Step 3: Update the Client's Trust Store

If the server certificate and configuration are correct, the issue may be with the client's trust store. The trust store contains trusted CA certificates that the client uses to verify the server's certificate. Ensure that the trust store includes the necessary CA certificates.

Refer to your client's documentation for instructions on updating the trust store.

Step 4: Troubleshoot Network Issues

Network issues, such as firewalls or proxies, can also cause error 14090086. Ensure that the client can connect to the server through the appropriate ports and that no network devices are blocking the connection.

Step 5: Update the OpenSSL Library

Finally, if none of the above steps resolve the issue, consider updating the OpenSSL library to the latest version. This can help to fix any bugs or vulnerabilities that may be causing the error.
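
The following is an added example, not part of the original guide: a shell helper that reads the verification result printed by openssl s_client and points to the step above that addresses it. The function names and step labels are assumptions of this example, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: triage `openssl s_client` output for error 14090086.
# The step labels printed below are invented for this example.

# Read s_client output on stdin. Print "<code> <label>" for the FIRST
# verification failure, since later ones often follow from it.
classify_verify() {
    # s_client prints "verify error:num=N:reason" for each failure and a
    # final "Verify return code: N (reason)" summary.
    code=$(sed -n \
        -e 's/^verify error:num=\([0-9][0-9]*\):.*/\1/p' \
        -e 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1)
    case "$code" in
        0)     echo "0 ok" ;;
        9|10)  echo "$code step1-validity-dates" ;;      # not yet valid / expired
        18|19) echo "$code step3-self-signed-untrusted" ;;
        20|21) echo "$code step2-or-3-missing-issuer" ;;  # chain incomplete or CA not trusted
        62)    echo "$code step2-hostname-mismatch" ;;
        "")    echo "none step4-no-handshake" ;;          # never reached verification
        *)     echo "$code unmapped" ;;
    esac
}

# Live check. -verify_hostname makes s_client also compare the name in the
# certificate; </dev/null ends the session once the handshake is done.
check_host() {
    host=$1
    port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" \
        -verify_hostname "$host" </dev/null 2>&1 | classify_verify
}

# Constructed sample output (not captured from a real server): the server
# sent only its leaf certificate, so the issuer cannot be found.
SAMPLE_MISSING_CHAIN='depth=0 CN = example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = example.com
verify error:num=21:unable to verify the first certificate
verify return:1
    Verify return code: 21 (unable to verify the first certificate)'

# Constructed sample output: expired leaf certificate.
SAMPLE_EXPIRED='depth=0 CN = example.com
verify error:num=10:certificate has expired
verify return:1
    Verify return code: 10 (certificate has expired)'
```

After sourcing the file, run check_host with your domain name (and optionally a port) to classify a live server.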

FAQs

1. What is OpenSSL error 14090086?

Error 14090086, also known as the SSL3 Get Server Certificate Verification Failure, occurs when the client is unable to verify the server's SSL/TLS certificate.

2. What causes OpenSSL error 14090086?

This error can be caused by various factors, including an expired or invalid server certificate, incorrect server configuration, issues with the client's trust store or certificates, network issues, or bugs in the OpenSSL library.

3. How can I check if my server's SSL certificate is valid?

You can use the following OpenSSL command to check the certificate details:

openssl s_client -connect example.com:443 -servername example.com -showcerts

Replace example.com with your domain name.

4. How do I update my client's trust store?

Refer to your client's documentation for instructions on updating the trust store, such as Mozilla NSS, Java Keytool, or Microsoft Windows.

5. How do I update the OpenSSL library?

You can download the latest OpenSSL version from the official website and follow the installation instructions for your operating system.
