On Thu, Jun 10, 2010, Chris Bare wrote: > I have 2 different certs with the same subject name in a CA dir: > > lrwxrwxrwx 1 chris chris 23 2010-06-10 14:35 0721e1e6.0 -> other.pem > lrwxrwxrwx 1 chris chris 18 2010-06-10 14:35 0721e1e6.1 -> ssl.pem > > when I try to establish an ssl connection: > > openssl s_client -verify 10 -connect example.com:443 -CApath same_names > > I get: > > Verify return code: 18 (self signed certificate) > > it appears to be choosing 0721e1e6.0, because if I delete that one, it works. > > Since there is no requirement that Subject Names be unique, is there a way to > make this work? >
Is that the only certificate in the chain or are there others? Those certificates need the subject key identifier extension and those issued the authority key identifier extension. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org