Remember that you need to include -showcerts in the s_client line to get it to dump certificates.
-Kyle H

On Mon, Sep 13, 2010 at 6:04 PM, Tim Hudson <tim.hud...@pobox.com> wrote:
> Also, gnutls-client works correctly and lists the entire CA chain, which would also seem to indicate the server is supplying them.
>
> Connecting with openssl s_client as per the command you provided is not showing the certificate chain.
>
> openssl s_client -verify 10 -CAfile /etc/ssl/certs/Thawte_Premium_Server_CA.pem -connect strategic.wiki.csupomona.edu:443
>
> Try gnutls without the TLS extensions processing occurring and you will see that the server is not sending back the certificate chain:
>
> gnutls-cli --priority 'NONE:+VERS-SSL3.0:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL' --debug 10 --x509cafile /etc/ssl/certs/Thawte_Premium_Server_CA.pem strategic.wiki.csupomona.edu -p 443
>
> This fails. You need to correct your server configuration so that it correctly sends out the chain.
>
> Tim.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-us...@openssl.org
> Automated List Manager                           majord...@openssl.org
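
An added example, not part of the thread or of OpenSSL: a shell helper that reads `openssl s_client` output and reports how many certificates are listed in its "Certificate chain" section, which is the question the messages above turn on. The two sample transcripts and the example.test names are constructed, and the helper assumes s_client's ` N s:` / `i:` chain listing format.

```shell
#!/bin/sh
# Added example. Reads `openssl s_client` output on stdin and prints
# "<certs listed in the chain section> <verdict>".
# Live use (HOST is a placeholder):
#   openssl s_client -showcerts -connect HOST:443 </dev/null 2>/dev/null | chain_summary
chain_summary() {
    awk '
        /^Certificate chain/       { in_chain = 1; next }
        in_chain && /^---$/        { in_chain = 0; next }   # exact "---", not a PEM marker
        in_chain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj = $0; n++; next }
        in_chain && /^ *i:/        { sub(/^ *i:/, ""); iss = $0; next }
        END {
            if (n == 0)           verdict = "no-chain-section"
            else if (subj == iss) verdict = "ends-at-self-signed-cert"
            else if (n == 1)      verdict = "leaf-only"
            else                  verdict = "intermediates-sent"
            printf "%d %s\n", n, verdict
        }'
}
# Constructed transcript: server sends only its own certificate.
sample_leaf_only() {
cat <<'EOF'
---
Certificate chain
 0 s:/CN=www.example.test
   i:/CN=Example Intermediate CA
---
EOF
}
# Constructed transcript with -showcerts: leaf plus one intermediate.
sample_full_chain() {
cat <<'EOF'
---
Certificate chain
 0 s:/CN=www.example.test
   i:/CN=Example Intermediate CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
 1 s:/CN=Example Intermediate CA
   i:/CN=Example Root CA
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
EOF
}
sample_leaf_only  | chain_summary
sample_full_chain | chain_summary
```

A `leaf-only` result means clients must already hold the intermediate to build a path, which is the server-side misconfiguration described in the quoted reply.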