According to that, your client cert isn't self-signed.
It is apparently signed by the same company, which isn't
the same thing; in X.509 and SSL, self-signed means that
the cert Subject and Issuer,and specifically the subject
KEY and the issuing/signing KEY, are EXACTLY the same.
What
From: owner-openssl-us...@openssl.org On Behalf Of jason.ting
Sent: Monday, 29 November, 2010 02:15
[server rejects client cert]. Look at the server CertReq to see
if it is asking for particular CA(s) and if so whether the cert
your client is using is issued by that CA (or one of them).
The server doesn't think so. Look at the server CertReq to see
if it is asking for particular CA(s) and if so whether the cert
your client is using is issued by that CA (or one of them).
Also check whether it is directly under or chained;
if the latter I don't think commandline s_client can do
From: owner-openssl-us...@openssl.org On Behalf Of jason.ting
Sent: Thursday, 25 November, 2010 04:16
... I am a client and the SSL server is being managed
by a 3rd party. When i try ...
openssl s_client -connect i5.paywide.nps.comm.com:9001 -CAfile
verisignVB.pem -cert L2009080526.crt -key