Question : Certificate chain verification fails with "verify error:num=19:self signed certificate in certificate chain"?

I purchased an SSL certificate from GoDaddy.com, and installed it on my domain at https://www.GiftsAtDesiHaat.com/. All looks and works fine except that the verification of the certificate chain says "verify error:num=19:self signed certificate in certificate chain". Would you happen to know why? This is causing failure of all my business transactions with Google Checkout. Here is what I am trying to verify the certificate chain:

$ openssl s_client -connect www.GiftsAtDesiHaat.com:443 -showcerts

CONNECTED(00000003)
depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/O=www.GiftsAtDesiHaat.com/OU=Domain Control Validated/CN=www.GiftsAtDesiHaat.com
i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=########
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=########
i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy Validation Authority/CN=http://www.valicert.com//emailAddress=info@valicert.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
---
Server certificate
subject=/O=www.GiftsAtDesiHaat.com/OU=Domain Control Validated/CN=www.GiftsAtDesiHaat.com
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=########
---
No client certificate CA names sent
---
SSL handshake has read 4857 bytes and written 462 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID: 7ADC468CC1A3ED798A91B9351942D109815708341D9AB016DC5824292E5E68D7
Session-ID-ctx:
Master-Key: .....
Key-Arg : None
Start Time: 1254273536
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
closed

Answer : Certificate chain verification fails with "verify error:num=19:self signed certificate in certificate chain"?

All root certificates are self signed by definition, the one you trust you collect into directory by default that is /etc/ssl/certs although firefox & kde have a separate one.

the command should have been:

openssl s_client -connect www.GiftsAtDesiHaat.com:443 -showcerts -CApath /etc/ssl/certs

to be able to validate the root certificate.

Random Solutions

Is dynamic fixed IP secure for RDP connections?

configure Mutt to use remote SMTP/POP mail server.

Access Point or Bridge?

Remove Certificate Services

Low cost load balancing solution between two dsl connections and lan

Mutt no longer sends email

every email sent to address produces a "message was undeliverable result"

HP Procurve vs Cisco Catalyst

Workshop will not recognize QName in lib folder