Your chain file includes the root certificate as well as the intermediate certificate. You should not be transmitting that one (though I think GnuTLS should ignore it and would regard it as a bug if it doesn't).
Cheers Rich. On 15 March 2012 11:57, Sven Geggus <[email protected]> wrote: > Hello, > > calling https://iad.iosb.fraunhofer.de/~geg/ using a Webbrowser gives me a > valid TLS connection. > > So does "gnutls-cli iad.iosb.fraunhofer.de -p 443" > > But calling the following dows not work: > gnutls-cli iad.iosb.fraunhofer.de -p 443 --x509cafile > /etc/ssl/certs/ca-certificates.crt > Processed 142 CA certificate(s). > Resolving 'iad.iosb.fraunhofer.de'... > Connecting to '153.96.8.17:443'... > *** Verifying server certificate failed... > *** Fatal error: Error in the certificate. > *** Handshake has failed > GnuTLS error: Error in the certificate. > > Is this a Bug in gnutls or a missconfiguration of my Apache Server? > > Sven > > -- > The source code is not comprehensible > (found in bug section of man 8 telnetd on Redhat Linux) > > /me is giggls@ircnet, http://sven.gegg.us/ on the Web > > _______________________________________________ > Help-gnutls mailing list > [email protected] > https://lists.gnu.org/mailman/listinfo/help-gnutls _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
