Hi, I've figured out how to get the "openssl s_client" to display the list of CAs:
1) Run: openssl s_client -connect host:port -prexit 2) When it pauses, type in a "GET": GET / HTTP/1.0<Enter> So I am now able to see the list of CAs that the webserver is sending, and here's an excerpt: . . /C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust... /[EMAIL PROTECTED]/C=us/O=ATest1Dept/OU=ATest1Co/CN=ATest1 /C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)/OU... . . The test CA's cert appears to be among them (the "CN=ATest1"), and I've now tested with both IE and Netscape, but neither of these will display the client cert that was issued by the test CA!! Does anyone have any idea why this might be happening? Thanks, Jim ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
