Hi, the java problem might be a different issue. Is your client using JSSE 1.0.3? Was your CA cert selfsigned with openssl?
I'm having similar problems, as have other people. Try setting property javax.net.debug=all to get a log out of JSSE. Does it say certificate_unknown? There are several threads about this issue on usenet but I have not been able to get useful hints up to now. Currently following these trails: - The CA cert does not have critical extension digitalSignature in addition to keyEncipherment - The ordering of the DN-components in server-cert.subject is different from ca-cert.subject - There is a workaround for a protocol bug in openssl-libs which JSSE doesnt like. See message news:<[EMAIL PROTECTED]> Andreas melton <melton.org.uk> wrote in message news:<c25l84 [ some lines deleted ] > > Another clue perhaps. We have a java application that tries to do SSL > with our CA (currently server authentication), and we get an exception > saying that a trusted cert couldn't be found, even though we added the > CA's self signed cert to the database and (we thought) set the trust > correctly. Ultimately, we'll be doing client authentication with the > certificate on the smart card. > > So in other words, it might be a trust issue instead of a signature > verification issue. If we can get the command line tools to work, we > think the java app working. If you have any clues on why the command > line tools are behaving this way, I'd appreciate it. > > melton _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
