X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            Netscape Cert Type:
            SSL Client, S/MIME
            Netscape Comment:
            OpenSSL Generated Certificate

is why it is failing.   The server certificate needs:

 X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            Netscape Cert Type:
            SSL Server, S/MIME
            Netscape Comment:
            OpenSSL Generated Certificate

Or 

 X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            Netscape Cert Type:
            SSL Client, SSL Server, S/MIME
            Netscape Comment:
            OpenSSL Generated Certificate
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sven Löschner
Sent: 28 April 2005 16:26
To: openssl-users@openssl.org
Subject: RE: SSLVerifyClient

> If you can post the output of:
> 
> openssl x509 -in cert.pem -text -noout

Okay, this comes out with the server.pem (I shortend the Algorithm-Tables
with "...":


Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=DE, ST=test, L=test, O=test, OU=test,
CN=test.net/[EMAIL PROTECTED]
        Validity
            Not Before: Apr 28 08:10:22 2005 GMT
            Not After : Apr 28 08:10:22 2006 GMT
        Subject: C=DE, ST=test, O=test, OU=test,
CN=test.net/[EMAIL PROTECTED]
            Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00...
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
            CA:FALSE
            Netscape Cert Type:
            SSL Client, S/MIME
            Netscape Comment:
            OpenSSL Generated Certificate
            X509v3 Subject Key Identifier:
            CF:EC:79:6E:AA:45:EA:69:8A:1E:61:A6:CB:1D:AA:FC:00:A4:3C:07
            X509v3 Authority Key Identifier:
 
keyid:40:83:CD:62:12:94:CD:79:58:E6:AE:C4:8A:DC:82:51:B3:21:64:E9
 
DirName:/C=DE/ST=test/L=test/O=test/OU=test/CN=test.net/[EMAIL PROTECTED]
st.net
            serial:00

            Netscape SSL Server Name:
            https://www.test.net
    Signature Algorithm: md5WithRSAEncryption
        b9:e8....


Bye,

Sven

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to