Oops, you will also need this cert in the ca chain. The client cert that does verify was issued by this cert, which was issued by the root. The one I gave you that does not verify was issued by the root ca directly.
I think there is something wrong with my ca certs, because when I create a new root cert using ruby and then issue client certs, they verify just fine. Evidently I'm doing something right now, but something is wrong with the old ca certs. Hope that made sense.. -----BEGIN CERTIFICATE----- MIIEPjCCA6egAwIBAgIBATANBgkqhkiG9w0BAQQFADCByjELMAkGA1UEBhMCVVMx EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxGzAZBgNVBAoT ElBheW1lbnQgT25saW5lIEluYzEmMCQGA1UECxMdQ2VydGlmaWNhdGUgU2Vydmlj ZXMgRGl2aXNpb24xIzAhBgNVBAMTGlBheW1lbnQgT25saW5lIEluYyBSb290IENB MSowKAYJKoZIhvcNAQkBFhtjZXJ0YWRtaW5AcGF5bWVudG9ubGluZS5jb20wHhcN MDIwNDEzMTkyMDA5WhcNMDcxMDA0MTkyMDA5WjCBzzELMAkGA1UEBhMCVVMxEzAR BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxGzAZBgNVBAoTElBh eW1lbnQgT25saW5lIEluYzEkMCIGA1UECxMbQ2xpZW50IENlcnRpZmljYXRlIFNl cnZpY2VzMSowKAYDVQQDEyFQYXltZW50IE9ubGluZSBDbGllbnQgU2VydmljZXMg Q0ExKjAoBgkqhkiG9w0BCQEWG2NlcnRhZG1pbkBwYXltZW50b25saW5lLmNvbTCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApIPS9KTFAZoYQOFVxhDF1GfPMa7P THEbg29CQYYr/2TAY0rfQChHsczhnNAcb2dnPV0Iofz+J3sIVdY6CV7VpM85MdKh vMRkcfYlrgUCdGokQQweSmJfARLTTYCOe6KXjQ9uI6VIfoAeIRXwQzDfSFWz1P+a 3zT9jrC2c0Ck91sCAwEAAaOCASswggEnMB0GA1UdDgQWBBRbb6zjUkcXjYjuRpaQ vHgw1oEDyTCB9wYDVR0jBIHvMIHsgBTgv6ZDB3XiO9zm/675oMNIwOMV7KGB0KSB zTCByjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT B1NlYXR0bGUxGzAZBgNVBAoTElBheW1lbnQgT25saW5lIEluYzEmMCQGA1UECxMd Q2VydGlmaWNhdGUgU2VydmljZXMgRGl2aXNpb24xIzAhBgNVBAMTGlBheW1lbnQg T25saW5lIEluYyBSb290IENBMSowKAYJKoZIhvcNAQkBFhtjZXJ0YWRtaW5AcGF5 bWVudG9ubGluZS5jb22CAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOB gQAQYVMvmr3ik8iNYhAfy7GHfvpLtO+EF7xUtXBozZOa9DSgKlairvE5bLwIqq2I C9HakhyDYjXbx9/lNOuDmYoqtS30iYPNzbGCvfuoIsnr8nxwn7IQeSOAxdUknwCm hl1gRtwrAbgXFQL984pmF6u98byx/qSI/0BmIFi+0a5rKw== -----END CERTIFICATE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
