On Fri, Jan 15, 2010, Rausch, Michael wrote: > Thanks. Yes I have made sure they are all in there. > > The certificate in question reads out something like: > > subject name: servername.subdomain.domain.com > SAN#1: servername.subdomain.domain.com > SAN#2: servername.domain.com > SAN#3: servername > SAN#4: sip.domain.com > SAN#5: sip.subdomain.domain.com > > Do you need to do anything in particular since it needs to be a MTLS cert vs > a SSL or TLS cert? > > Thanks (and sorry for the double post, not a good first impression huh?) >
Does the certificate chain work OK via Internet Explorer to a test server such as s_server? If not you might get a more meaningful error. Another thing to check is validity nesting: the validaty dates of each certificate must be within those of the issuer. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
