mIRC Home    About    Download    Register    News    Help

Print Thread
SSL error unable to load certificate chain #242176 20/06/13 02:28 PM
Joined: Oct 2010
Posts: 27
D
Desolator Offline OP
Ameglian cow
OP Offline
Ameglian cow
D
Joined: Oct 2010
Posts: 27
Hello, myself and 5 other friends have been able to load a private key and certifitcate file made by our server admins for ssl fingerprint operlines, however, the last remaining friend is having this error message constantly.

Information:

tested mirc 7.32 7.27 7.22 and even 6.16 and all failed with the same error message.

She can connect with ssl when no certificate and key is loaded.
out of 40 attempts, it did successfully connect once, but after a disconnect the error message came back.

OS: windows 7 home edition 64bit

we installed the open ssl files into windows\system32 and into the mirc directory

There is no information on the internet about this error nor in the mirc help file, therefore i am here to ask for help

Re: SSL error unable to load certificate chain [Re: Desolator] #242205 23/06/13 12:49 PM
Joined: Oct 2010
Posts: 27
D
Desolator Offline OP
Ameglian cow
OP Offline
Ameglian cow
D
Joined: Oct 2010
Posts: 27
to update,

I tried installing the Visual C++ 2008 redistributables and again, same error message.

Khaled? agrv0? any idea what this issue is at all and how to fix it?

Re: SSL error unable to load certificate chain [Re: Desolator] #242209 24/06/13 07:46 AM
Joined: Dec 2002
Posts: 4,588
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,588
mIRC uses the SSL_CTX_use_certificate_chain_file() OpenSSL function to load the certificate chain file. The function lists the following as reasons why it might report an error:

Quote:
The certificate file does not exist or you do not have permission to read that file.
The certificate file that contains the certificate chain is not in PEM format.
If you loaded a private key file before issuing this function, the private key in that file does not match the corresponding public key in the certificate.

If the files are working for everyone apart from one particular person, it may be that there is something with that person's mIRC and/or Windows configuration that is causing the issue.

The SSL page on the mIRC website includes two versions of OpenSSL. If you delete all of the OpenSSL files from the Windows and mIRC folder and re-install them from the SSL page into the Windows folder, does one of those versions help resolve the issue?

Re: SSL error unable to load certificate chain [Re: Khaled] #242212 24/06/13 10:33 AM
Joined: Oct 2010
Posts: 27
D
Desolator Offline OP
Ameglian cow
OP Offline
Ameglian cow
D
Joined: Oct 2010
Posts: 27
Okie, So after following your instructions (deleteing all files and confirming sslready is false) i did the following but using
the same set up i have personally on my computer:

Using mirc 7.22 and openssl files 1.0.1c

installation to windows\system32 failed even as admin (meaning, it says successful but the files dont appear in the directory)

installation to a normal directory worked, cut paste into windows\system32 works however mirc returns sslready as false.

moving the ssl files into the mirc installtion folder (D:\mirc) makes mirc sslready to be true, however the error occurs it cant read the .pem file also located in D:\

Moving the ssl files and pem file into $mircdir (users\name\appdata\roaming\mirc) makes sslready to be false.

Last edited by Desolator; 24/06/13 10:37 AM.
Re: SSL error unable to load certificate chain [Re: Desolator] #242215 25/06/13 01:20 PM
Joined: Dec 2002
Posts: 4,588
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,588
If you use mIRC v7.32, you can type the following to see the SSL status as well as the locations of the DLLs that mIRC is loading:

Code:
//echo $ssl | echo $sslready | echo $sslversion | echo $ssldll | echo $ssllibdll

If you are using the OpenSSL installer on Windows 7 64bit, the files will be installed in Windows\SysWOW64 which is where Windows 7 stores 32bit DLLs. If you look in that folder, do you see the files there? If they are there, mIRC should pick them up automatically, as it does on my system.

That said, it sounds like you were able to set up everything so that $sslready is true, which means mIRC has loaded the OpenSSL DLLs. If you are using mIRC v7.22 and OpenSSL 1.0.1c on your computer and they are working for you, I cannot think of a reason why they would not work on your friend's computer, other than a Windows or other configuration issue.

Last edited by Khaled; 25/06/13 02:02 PM.
Re: SSL error unable to load certificate chain [Re: Khaled] #242222 26/06/13 11:34 AM
Joined: Oct 2010
Posts: 27
D
Desolator Offline OP
Ameglian cow
OP Offline
Ameglian cow
D
Joined: Oct 2010
Posts: 27
echos came back as follows:

$false
$true
1.0.1e
C:\Windows\system32\ssleay32.dll
C:\Windows\system32\libeay32.dll
7.32
--

The installer attempted to install the files into system32 so i changed it to SysWoW64 folder, the files are all there and NOT in system32.
--
After deleting the files and installing this time into system32 the echos returned this:

$false
$false
7.32
--
Re-installed into SysWoW64 directory, loaded the .pem file for the the key and certificate and the same error occured.

Re: SSL error unable to load certificate chain [Re: Desolator] #242223 26/06/13 11:36 AM
Joined: Oct 2010
Posts: 27
D
Desolator Offline OP
Ameglian cow
OP Offline
Ameglian cow
D
Joined: Oct 2010
Posts: 27
If mirc is loading the ssl files correctly and is able to connect to the server on SSL without any problems then this is a issue with the .pem file, however why is it that mirc cant read or load the .pem file correctly?

The file itself is located in the installation directory which is D:\mirc so there shouldnt be any read/loading issues?

Re: SSL error unable to load certificate chain [Re: Desolator] #242224 26/06/13 12:25 PM
Joined: Dec 2002
Posts: 4,588
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,588
Quote:
The installer attempted to install the files into system32 so i changed it to SysWoW64 folder, the files are all there and NOT in system32.

When I run the OpenSSL installer here under Windows 7 64bit, the installer defaults to the folder System32, which is correct. That is what it should do. It is Windows itself that translates this automatically to SysWoW64. I have tested this under three different computers with Windows 7 64bit and they all behave the same way, so I am not sure why your Windows installation is behaving differently. Perhaps someone else on the forums can test this out as well to see if they can reproduce this with the OpenSSL installer.

Re: SSL error unable to load certificate chain [Re: Desolator] #242225 26/06/13 12:33 PM
Joined: Dec 2002
Posts: 4,588
Khaled Offline
Hoopy frood
Offline
Hoopy frood
Joined: Dec 2002
Posts: 4,588
That is a good question. Unfortunately, I have no idea. If the same set of files is working for everyone else on their computers, the only reason I can think of for it not to work on this one particular computer is a Windows issue, or perhaps some other application, such as anti-virus software, is interfering in some way. If you manage to track down the cause of the issue, please let us know.

Re: SSL error unable to load certificate chain [Re: Khaled] #242268 27/06/13 04:20 PM
Joined: Oct 2010
Posts: 27
D
Desolator Offline OP
Ameglian cow
OP Offline
Ameglian cow
D
Joined: Oct 2010
Posts: 27
Heya,

So the case is now resovled although im not sure if this is something you can do on mirc.
Perhaps making a update to the help file will be the best option just incase.

She copied her certificate information incorrectly thus the RSA key didnt match the certificate and this gave the error, as mentioned, can you make mirc give a better response IF theres a mismatch? If not i think perhaps a post somewhere about it should help any additional people in the future.

Many thanks for your help Khaled!!