
The root CA certificate is not trusted for this purpose



  • Hello! I'm implementing a client/server application on Qt using OS system: until now I used a QTcpSocket and now I'm trying to switch to a QSslSocket.
    In order to allow the server authentication by the client I generated a self-signed CA certificate with common name "SERVER" and a certificate for the server issued by the custom CA and with a common name "127.0.0.1" to allow the binding with the localhost address.

    On the server I set the local certificate and the local key before the handshake and I set the verification mode to none through:

    m_serverSocket->setPrivateKey(key);
    m_serverSocket->setLocalCertificate(cert);
    m_serverSocket->setPeerVerifyMode(QSslSocket::VerifyNone);
    

    To add the CA certificate to the client I tried two approaches:
    the first based on the addCertificate method of the QSslSocket class reading the certificate directly from the .pem:

     m_clientSocket->addCaCertificates(QSslConfiguration::systemCaCertificates());
    

    and the second one adding the custom CA certificate to the system certificate on the Mac OS and setting the trustability to "Always Trusted".
    In both cases the certificate seems to be correctly added to the client certificates, as it is printed out by the following function:

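    // Print the issuer and subject common name of every CA certificate in the client configuration
    for (const QSslCertificate &x : m_clientSocket->sslConfiguration().caCertificates()) {
        qDebug() << "\n Common Name: " << x.issuerInfo(QSslCertificate::CommonName)
                 << " SubjectName: " << x.subjectInfo(QSslCertificate::CommonName);
    }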
    

    The verification mode of the client is set to VerifyPeer.

    The problem is that the handshake doesn't succeed and the connection is closed after the failure. This error is printed out:

    The root CA certificate is not trusted for this purpose
    

    What am I doing wrong?
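
One way to check the chain described in the post outside Qt, as an added example that is not part of the original post: it rebuilds a CA with common name "SERVER" and a server certificate with common name "127.0.0.1" using the openssl CLI, then reports whether the CA is usable for the SSL server purpose and whether the chain verifies. Using openssl to generate the certificates is an assumption (the post does not say how they were made), and the file names, config sections and function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example with constructed data: rebuild the chain from the post in a
# work directory and check it with the openssl CLI, independent of Qt.

make_chain() {   # $1 = empty work directory (hypothetical layout)
  local d=$1
  # Explicit config so the result does not depend on the system openssl.cnf.
  cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
subjectAltName = IP:127.0.0.1
extendedKeyUsage = serverAuth
EOF
  # Self-signed CA with CN "SERVER", as in the post.
  openssl req -x509 -config "$d/x.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -days 30 -subj "/CN=SERVER" -keyout "$d/ca.key" -out "$d/ca.pem" \
    2>/dev/null || return 1
  # Server key and CSR with CN "127.0.0.1", then the CA signs the CSR.
  openssl req -new -config "$d/x.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=127.0.0.1" -keyout "$d/srv.key" -out "$d/srv.csr" \
    2>/dev/null || return 1
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -extfile "$d/x.cnf" -extensions v3_srv \
    -out "$d/srv.pem" 2>/dev/null
}

# Does openssl consider this certificate usable as a CA for TLS servers?
ca_purpose_ok() { openssl x509 -in "$1" -noout -purpose | grep -q 'SSL server CA : Yes$'; }

# Does the server certificate ($2) chain to the CA ($1) for the sslserver purpose?
chain_ok() { openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1; }

# The same certificate checked with no trust anchors at all; expected to fail.
chain_ok_without_ca() { openssl verify -no-CAfile -no-CApath "$1" >/dev/null 2>&1; }
```

Running `ca_purpose_ok` and `chain_ok` against the actual `.pem` files used by the application, instead of the constructed ones, shows whether the certificates themselves pass these checks before the Qt configuration is examined.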

