Re: Problem working with RSA certs?

[ohaya]

> 
> The certificate you have might not be certified for client authentication or
> the root CA might not be trusted for client authentication.
> 
> See what happens when you do:
> 
> openssl x509 -in clcert.pem -text -noout
> 
> Steve.


Steve,

Thanks for replying.  Here's what I got from one of the client certs:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f2:68:25:dd:e7:03:b1:aa:42:e4:2d:f1:aa:fe:92:a0
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: [EMAIL PROTECTED], C=us, O=ATest1Dept, OU=ATest1Co,
CN=ATest1
        Validity
            Not Before: Feb 28 09:57:29 2005 GMT
            Not After : Feb 27 09:21:29 2008 GMT
        Subject: [EMAIL PROTECTED], C=us, O=ojl1ca1, OU=oujl1ca1,
CN=jl1ca1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:b9:e1:c8:a4:8f:91:4a:45:92:56:17:35:bb:67:
                    c2:1a:11:56:ed:74:7d:3c:ee:70:a6:bf:e9:97:d0:
                    57:3e:b6:34:73:be:b6:a9:e1:90:d6:8e:2f:d3:8e:
                    2a:71:d9:c1:81:fc:2e:0c:a5:fb:90:33:19:c6:7f:
                    4d:c7:5f:29:3f:26:7d:6e:40:41:78:51:7f:8a:cf:
                    4f:53:b6:95:3c:5b:d0:f0:51:5f:c4:31:53:b5:d1:
                    f5:b5:45:70:60:6f:b7:bf:3a:91:15:e2:40:1f:06:
                    04:51:de:25:f2:42:a8:d6:34:a7:9d:21:a7:c7:91:
                    e7:39:2b:9c:7f:bc:a7:e6:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
               
keyid:D8:BA:5E:77:CE:9B:01:07:8F:C0:1D:F8:85:D5:BC:C3:AC:7E:8E:DE

            X509v3 Key Usage: critical
                Key Encipherment, Data Encipherment, Key Agreement
            Netscape Cert Type: 
                SSL Server
            X509v3 Subject Alternative Name: 
                DNS:your.server.address.com
            X509v3 Subject Key Identifier: 
               
2B:2C:87:F1:3D:1D:12:84:DA:14:13:86:55:C7:45:D6:79:70:FB:0E
    Signature Algorithm: sha1WithRSAEncryption
        05:b9:de:d3:15:ad:04:73:42:d1:fd:76:ed:24:91:2c:0a:75:
        1e:41:bb:0a:35:c3:9f:7d:fa:ad:4e:30:55:16:1f:72:a9:94:
        a9:f2:23:75:80:95:56:53:d1:ff:94:64:ae:05:5d:0d:dc:60:
        82:5e:ca:dd:ea:5c:9f:26:32:e2:fa:78:71:41:83:83:99:09:
        2e:ff:04:b8:dc:93:e8:9f:3e:19:b0:d9:98:6f:32:59:53:78:
        97:99:67:9f:68:69:c3:dc:dc:5c:64:8a:c1:69:4c:ae:c4:72:
        60:8b:4b:00:7f:58:55:14:7f:7e:2a:ef:1d:45:fd:a5:cc:50:
        7d:5c

Is the problem "Netscape Cert Type" showing only "SSL Server"?

Jim
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]