SSL Certificate error, failed to verify the generated self-signed certificate from Domino App Dev Pack 1.10.1.3


I used the make_certs.cmd from Domino App Dev Pack 1.0.12-2786 to create the Root self-signed certificate.

@REM Creates CA cert and private key
:create_root
    set LOG=CREATE_ROOT:
    if exist ca.key echo ca.key already exists, skipping&exit /B 0
    if exist ca.crt echo ca.crt already exists, skipping&exit /B 0

    call :log %LOG% Generate ROOT private key
    echo on
    openssl genrsa -passout "%ROOT_PASSWORD%" -des3 -out ca.key 4096 || exit /B 1
    @echo off

    call :log %LOG% Generate ROOT self-signed certificate
    echo on
    openssl req -passin "%ROOT_PASSWORD%" -new -x509 -days %ROOT_VALIDITY% -key ca.key -out ca.crt -subj "%ROOT_SUBJECT%" -sha256 || exit /B 1
    @echo off

    exit /B 0

However, when I used the tutorial scripts to verify it, the result was the following error.

C:\Certs>openssl s_client -connect serv.org.com:3002 --quiet -CAfile C:\Certs\ca.crt

depth=1 O = Proton, CN = Proton Certificate Authority
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=1 O = Proton, CN = Proton Certificate Authority
verify return:1
depth=0 O = Proton, CN = 192.168.176.130
verify return:1
10090000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl\record\rec_layer_s3.c:309:

I have removed the --quiet option, and the result is:

04130000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl\record\rec_layer_s3.c:309:

What does it mean that verify returns 19? It does not affect my use of it as the SSL certificate for the IAM Service in Pilot mode.

C:\Certs>openssl s_client -connect serv.org.com:3002 -CAfile C:\Certs\ca.crt
CONNECTED(00000188)
depth=1 O = Proton, CN = Proton Certificate Authority
verify error:num=19:self-signed certificate in certificate chain
verify return:1
depth=1 O = Proton, CN = Proton Certificate Authority
verify return:1
depth=0 O = Proton, CN = 192.168.176.130
verify return:1
04130000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl\record\rec_layer_s3.c:309:
---
Certificate chain
 0 s:O = Proton, CN = 192.168.176.130
   i:O = Proton, CN = Proton Certificate Authority
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 27 04:22:03 2022 GMT; NotAfter: Jun 29 04:22:03 2023 GMT
 1 s:O = Proton, CN = Proton Certificate Authority
   i:O = Proton, CN = Proton Certificate Authority
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: Jun 27 04:22:03 2022 GMT; NotAfter: Jun 26 04:22:03 2032 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFFTCCAv2gAwIBAgIQC09HzlVL87ipWFZQhJdh0jANBgkqhkiG9w0BAQsFADA4
...
-----END CERTIFICATE-----
subject=O = Proton, CN = 192.168.176.130
issuer=O = Proton, CN = Proton Certificate Authority
---
Acceptable client certificate CA names
O = Proton, CN = Proton Certificate Authority
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512:RSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA256:RSA-PSS+SHA256:RSA+SHA256:ECDSA+SHA384:RSA-PSS+SHA384:RSA+SHA384:RSA-PSS+SHA512:RSA+SHA512
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3405 bytes and written 487 bytes
Verification error: self-signed certificate in certificate chain
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID:
    Session-ID-ctx:
    Master-Key: 29ABAD62B56FDFDABC7C7DBFBE310BF2DF66F941D2DBAC31A9B02DD6B8C6DEC353116CABEB0FED3F056A6F8E084BAF01
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1657089585
    Timeout   : 7200 (sec)
    Verify return code: 19 (self-signed certificate in certificate chain)
    Extended master secret: yes
---

Resulting keys and certificates of make_certs.cmd

On the Domino server, related error messages are shown on the console:

[13B0:0009-1034] 2022/07/13 下午 07:38:52  PROTON: GRPC Error: No match found for server name: serv.org.com.
[13B0:0009-1034] 2022/07/13 下午 07:38:52  PROTON: GRPC Error: Handshake failed with fatal error SSL_ERROR_SSL: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTIFICATE.
[13B0:0009-1034] 2022/07/13 下午 07:39:50  PROTON: GRPC Error: No match found for server name: serv.org.com.
[13B0:0009-1034] 2022/07/13 下午 07:39:50  PROTON: GRPC Error: Handshake failed with fatal error SSL_ERROR_SSL: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTIFICATE.
[0384:0002-03C8] 2022/07/13 下午 07:40:04  AMgr: Error executing agent 'DeleteExpiredDocs' in 'iam-store.nsf'. Agent signer 'Domino Template Development/Domino': You are not authorized to perform that operation
[0438:0002-132C] 2022/07/13 下午 07:41:36  Admin Process: Searching Administration Requests database
[13B0:0009-1034] 2022/07/13 下午 07:43:31  PROTON: GRPC Error: No match found for server name: serv.org.com.
[13B0:0009-1034] 2022/07/13 下午 07:43:31  PROTON: GRPC Error: Handshake failed with fatal error SSL_ERROR_SSL: error:100000c0:SSL routines:OPENSSL_internal:PEER_DID_NOT_RETURN_A_CERTIFICATE.
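The verify error 19 above and the name mismatch between the host the client asked for (serv.org.com) and the name in the leaf certificate (CN = 192.168.176.130) are two separate checks, and both can be reproduced offline. The script below is an added example, not part of the App Dev Pack or its make_certs.cmd: it builds a constructed demo CA and leaf (the names serv.example.test, 192.0.2.10 and "Other CA" are made up) and assumes an openssl binary of version 1.1.1 or newer on PATH.

```shell
#!/bin/sh
# Added example (not from the Domino App Dev Pack): reproduce, on a throwaway PKI, the
# client-side checks behind verify error 19 and the hostname check. Assumes openssl >= 1.1.1.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed demo PKI mirroring make_certs.cmd's layout: a self-signed CA, a leaf it signed,
# plus a second unrelated CA to play "the ca.crt on disk is not the CA the server uses".
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 -subj "/O=Demo/CN=Demo CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/O=Demo/CN=192.0.2.10" \
    -keyout "$WORK/server.key" -out "$WORK/server.csr" 2>/dev/null
  printf 'subjectAltName=DNS:serv.example.test,IP:192.0.2.10\n' > "$WORK/san.ext"
  openssl x509 -req -sha256 -days 2 -in "$WORK/server.csr" -CA "$WORK/ca.crt" \
    -CAkey "$WORK/ca.key" -CAcreateserial -extfile "$WORK/san.ext" \
    -out "$WORK/server.crt" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 -subj "/O=Demo/CN=Other CA" \
    -keyout "$WORK/other.key" -out "$WORK/other.crt" 2>/dev/null
}

# Same trust model as s_client -CAfile: the chain the server sends (leaf + its CA) is only
# untrusted input and $1 is the sole trust anchor. Succeeds only if $1 really is that chain's root.
verify_chain() {  # $1 trusted CA file, $2 CA as sent by the server, $3 leaf cert
  openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1 | grep -q ': OK$'
}

# Numeric X509_V_ERR code of the first failure; 19 = self-signed certificate in certificate
# chain, i.e. the root the server presented is not the one in the file given to -CAfile.
verify_error_num() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>&1 \
    | sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
}

# Name check a TLS client runs after the chain check: the leaf must name the host it was asked
# for (SAN first, CN only as legacy fallback). A CN of 192.168.176.130 does not cover serv.org.com.
cert_matches_host() {  # $1 trusted CA, $2 leaf cert, $3 host name the client connects to
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>&1 | grep -q ': OK$'
}

# SHA-256 fingerprint, to compare the local ca.crt with the CA that s_client -showcerts prints.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

if [ "${1:-}" = "demo" ]; then  # run as: sh check_chain.sh demo
  make_demo_pki
  verify_chain "$WORK/ca.crt" "$WORK/ca.crt" "$WORK/server.crt" && echo "right CA: chain OK"
  echo "wrong CA: error $(verify_error_num "$WORK/other.crt" "$WORK/ca.crt" "$WORK/server.crt")"
  cert_matches_host "$WORK/ca.crt" "$WORK/server.crt" other.example.test || echo "host mismatch"
fi
```

The server log's PEER_DID_NOT_RETURN_A_CERTIFICATE is the other half of the handshake: the server demanded a client certificate, and s_client only sends one when given -cert and -key.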