On Mon 2008-05-19 10:05:04 -0400, Ben Goldsbury wrote: > I have a valid wildcard certificate purchased from Godaddy. This > certificate has the normal cert/key and an issuing certificate. The > issuing certificate is actually a chain of 3 certificates.
I haven't had a chance to test this myself, but it sounds to me like
you're having a problem with certificate chaining, not with the
wildcard itself. In particular, it sounds like your gnutls-cli
instance can't complete the trust path from the offered certificate to
one of its trusted CAs because it lacks information about the
intermediate CAs.
> Using openssl's tools, I am able to create a valid server/client
> relationship.
Could you post an example of openssl commands you used which
succeeded?
I suspect what you'll need to do is to add the intermediate
certificates to server.crt (i dunno if they should go above or below
the host's certificate) before invoking gnutls-serv, so that they'll
be offered to complete the trust path.
the --x509cafile option for gnutls-serv is there to verify client
certificates, and (afaik) isn't used to select intermediate certs to
send on during the server certificate validation phase of connection
negotiation.
hth,
--dkg
pgp6fdVgkOyB3.pgp
Description: PGP signature
_______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
