> Try using "openssl s_client ...." to connect(? arg for > options). It'll give alot of debug info.
Okay, I tried "openssl s_client -connect www.test.de:443 -CAfile /etc/ssl/UserCA/UserCAchaincert.pem -verify 3 -cert /etc/ssl/UserCA/svencert.pem -key /etc/ssl/UserCA/svenkey.pem -reconnect -showcerts -state -bugs" The output is the following: CONNECTED(00000003) SSL_connect:before/connect initialization SSL_connect:SSLv2/v3 write client hello A SSL_connect:SSLv3 read server hello A depth=0 /C=DE/ST=NRW/L=Hattingen/O=MX/OU=Demo Server/CN=www.test.de/[EMAIL PROTECTED] verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /C=DE/ST=NRW/L=Hattingen/O=MX/OU=Demo Server/CN=www.test.de/[EMAIL PROTECTED] verify error:num=27:certificate not trusted verify return:1 depth=0 /C=DE/ST=NRW/L=Hattingen/O=MX/OU=Demo Server/CN=www.test.de/[EMAIL PROTECTED] verify error:num=21:unable to verify the first certificate verify return:1 SSL_connect:SSLv3 read server certificate A SSL_connect:SSLv3 read server key exchange A SSL_connect:SSLv3 read server certificate request A SSL_connect:SSLv3 read server done A SSL_connect:SSLv3 write client certificate A SSL_connect:SSLv3 write client key exchange A SSL_connect:SSLv3 write certificate verify A SSL_connect:SSLv3 write change cipher spec A SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data SSL_connect:failed in SSLv3 read finished A 22430:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226: Sven ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager [EMAIL PROTECTED]