Friday, May 7, 2010

SSL_ERROR_SSL error:14090086:lib(20):func(144):reason(134)

"SSL_ERROR_SSL error:14090086:lib(20):func(144):reason(134)"
"SSL verify error or warning with certificate at depth 2: self signed"

certificate in certificate chain

Some services are started using Akamai CDN, Akamai has started using a new cert on the behalf of $WORK. This cert is signed by The USERTRUST network.

Basically, it is a trust problem: the client (the custom application) doesn't trust this CA or does have problems checking the chain of trust.

Many popular apps ship with root certs of CA's of major cert vendors. When you write your own app, you need to tell your app to trust the certification authorities of the servers you try to contact: that's what microsoft (for verifying code signatures), firefox, IE and Opera do.

In this case, the root cause is: custom apps dont trust this CA "The USERTRUST network". One way to fix is to add this CA's cert in that custom app. Or force the server to use a cert that is signed by a CA that is trusted by these custom apps.

Another work around: make ur app to ask forCertificateChainFile and verifiy it. Browsers support this option.

1 comment:

AJ said...

Thanks - great explanation. Can you point me to the resource where all the error codes associated are defined and explained ? Thanks in advance!