Hi all,
I am trying to establish a connection with self-signed
certificates (for server AND client). So I use a self-
signed certificate for the client, put this into the
CAfile for the server, take a self-signed cert for the
server and use this as CAfile for the client.
Now I use s_client and s_server to test this:
    openssl s_server -cert servercert.pem -key serverkey.pem -verify 5 -CAfile clientcert.pem
and
    openssl s_client -connect localhost:4433 -key clientkey.pem -cert clientcert.pem -CAfile servercert.pem -verify 5
This is what I get (on the server, client looks the same):
depth=0 /C=DE/O=Test/OU=TestOU/CN=test01
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=DE/O=Test/OU=TestOU/CN=test01
verify error:num=21:unable to verify the first certificate
verify return:1
Is this intended behaviour? Or is there something I can
do about it? From my understanding this should work:
Each self-signed certificate is in the list of trusted
CAs of the communication partner, so there is a definite
trust. Or is it some obscure extension missing etc? ;-)
Regards,
Olaf
--
Dipl.Inform. Olaf Gellert INTRUSION-LAB.NET
Senior Researcher, www.intrusion-lab.net
PKI - and IDS - Services [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
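
A way to check the certificate files themselves before involving s_server and s_client, added here as an example and not part of the original post: it tests whether a certificate's subject and issuer names match and whether it verifies when passed as its own -CAfile. The function names and the constructed CA-issued certificate (a contrasting case that does not verify against itself) are assumptions of this example.

```shell
#!/bin/sh
# Added example; all file names and subject names below are constructed.

# make_selfsigned NAME DIR: write DIR/NAMEkey.pem and a self-signed DIR/NAMEcert.pem
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/C=DE/O=Test/OU=TestOU/CN=$1" \
        -keyout "$2/$1key.pem" -out "$2/$1cert.pem" 2>/dev/null
}

# make_issued NAME CA DIR: write DIR/NAMEcert.pem signed by the CA made with make_selfsigned
make_issued() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/C=DE/O=Test/CN=$1" \
        -keyout "$3/$1key.pem" -out "$3/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$3/$1.csr" -CA "$3/$2cert.pem" -CAkey "$3/$2key.pem" \
        -set_serial 1 -days 1 -out "$3/$1cert.pem" 2>/dev/null
}

# is_self_issued CERT: true when the subject and issuer names hash to the same value
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# trusted_by CAFILE CERT: true when CERT verifies with CAFILE given as -CAfile
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# report CERT: print whether CERT is self-issued and whether it verifies against itself
report() {
    if is_self_issued "$1"; then kind="self-issued"; else kind="issued by another name"; fi
    if trusted_by "$1" "$1"; then res="verifies"; else res="does NOT verify"; fi
    echo "$1: $kind; as its own CAfile it $res"
}

# With arguments, report on the given certificate files.
for c in "$@"; do report "$c"; done
```

Run it as `sh check.sh servercert.pem clientcert.pem` (script name assumed) to get one line per certificate.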