Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. General and Desktop
  4. The root CA certificate is not trusted for this purpose
Forum Updated to NodeBB v4.3 + New Features

The root CA certificate is not trusted for this purpose

Scheduled Pinned Locked Moved Unsolved General and Desktop
1 Posts 1 Posters 653 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G Offline
    G Offline
    Giuseppe17
    wrote on last edited by
    #1

    Hello! I'm implementing a client/server application on QT using OS system: until now I used a QTcp Socket and now I'm trying to pass to a QSsl Socket.
    In order to allow the server authentication by the client I generated a self-signed CA certificate with common name "SERVER" and a certificate. for the server issued by the custom CA and with a common name "127.0.0.1" to allow the binding with the localhost address.

    On the server I set the local certificate and the local key before the handshake and I set the Verification mod to none through

    m_serverSocket->setPrivateKey(key);
    m_serverSocket->setLocalCertificate(cert);
    m_serverSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
    

    To add the CA certificate to the client I tried two approaches:
    the first based on the addCertificate method of the QSslSocket class reading the certificate directly from the .pem:

     m_clientSocket->addCaCertificates(QSslConfiguration::systemCaCertificates());
    

    and the second one adding the custom CA certificate to the system certificate on the Mac OS and setting the trustability to "Always Trusted".
    In both the cases the certificate seems to be correctly added in the client certificates as it is printed out by the following function:

    for (QSslCertificate x: m_clientSocket->sslConfiguration().caCertificates()){
    
            qDebug()<<"\n Common Name: "<<x.issuerInfo(QSslCertificate::CommonName)<<" SubjectName: "<<x.subjectInfo(QSslCertificate::CommonName);
        }
    

    The verification mode of the client is set to VerifyPeer.

    The problem is that the handshake doesn't succeed and the connection is closed after the failure. This error is printed out:

    The root CA certificate is not trusted for this purpose
    

    What am I doing wrong?

    1 Reply Last reply
    0

    • Login

    • Login or register to search.
    • First post
      Last post
    0
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Get Qt Extensions
    • Unsolved