On October 22, 2004 10:54 am, Golub Heath wrote: > Sorry in advance but I am fairly new to OpenSSL and though I have read > a lot .. .I just can't seem to get it right. Any help, even direction > pointing (eg. a URL) would be greatly appreciative.
You needn't worry, what you're asking is far from the easiest thing people have problems with :-) > I have also tried the certificates with just the DOD Class 3 CA-3 in > the DoDSub-ca and all the rest in the DoDRoot-ca files. Any advice? As a first step, I'd recommend testing this out with openssl at both ends, ie. verify your understanding of which certs are which (and what effect they have). Use "openssl s_client" on the client side, "openssl s_server" on the server side. The -CAfile, -cert, -key, and -[Vv]erify arguments are what you need to control the cert behaviour, and "-showcerts" wouldn't be a bad idea either. The second step would be to run IE on the client side but stick with s_server on the server - this will tell you whether IE is causing your problems. It won't respond with a web-page of course, but the browser should pause waiting for a response while you sift through the s_server output. Good luck, Geoff -- Geoff Thorpe [EMAIL PROTECTED] http://www.geoffthorpe.net/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
