I am having problems connecting to a system that requires a client
certificate. Generated the CSR using the relevant openssl commands and
sent that to the required authority for signing. That has come back as a
valid certificate (can use openssl x509 to verify the certificate
content), but using that certificate does not allow the connection to
complete (fails with 'error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1
alert internal error').

According to the people that run the server I am trying to connect to,
the problem is that my certificate 'does not have the chaining setup.
The Root and CA should be trusted'

Does this mean that somehow I am supposed to include these as part of
the client certificate? If so, how do I do this? Does it instead mean
that I should somehow be passing the CA/Root into openssl to allow it to
verify the client as part of the connection? (which makes no sense to
me, why would the client need to verify its own certificate - that must
be the server's job)

I was under the impression that the CA and Root would be held by the
server and that it would use those to verify the client certificate I am
presenting, but it seems not to be the case according to them. Can
anyone shed any light on this?
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
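
Added example, not part of the original post: one possible reading of the operators' remark (an assumption, the post does not confirm it) is that the server trusts only the root, so the client has to present the intermediate CA certificate along with its own. The script builds a constructed three-level PKI (all names and file names are hypothetical) and uses `openssl verify` to show the leaf failing against the root alone and passing once the intermediate is supplied.

```shell
#!/bin/sh
# Constructed throwaway PKI: Demo Root -> Demo Issuing CA -> demo-client.
gen_csr() {  # gen_csr <dir> <name> <CN>: new key plus CSR
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

make_demo_pki() {  # make_demo_pki <dir>
  d=$1
  # Both CA certificates need basicConstraints CA:TRUE to be usable as issuers.
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  gen_csr "$d" root "Demo Root" &&
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 1 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
  gen_csr "$d" inter "Demo Issuing CA" &&
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null &&
  gen_csr "$d" client "demo-client" &&
  openssl x509 -req -in "$d/client.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null &&
  cat "$d/client.pem" "$d/inter.pem" > "$d/client-chain.pem"
  # client-chain.pem: leaf first, then the intermediate (a "chained" PEM file).
}

# What a verifier holding only the root sees when the leaf arrives alone.
verify_leaf_only() {
  openssl verify -CAfile "$1/root.pem" "$1/client.pem" >/dev/null 2>&1
}

# Same trust store, but the intermediate is supplied alongside the leaf.
# -untrusted means it is used for path building only, never as a trust anchor.
verify_with_intermediate() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" \
    "$1/client.pem" >/dev/null 2>&1
}

demo=$(mktemp -d)
make_demo_pki "$demo"
if verify_leaf_only "$demo"; then r=OK; else r=FAILED; fi
echo "leaf only, root trusted:         $r"
if verify_with_intermediate "$demo"; then r=OK; else r=FAILED; fi
echo "leaf + intermediate, root trusted: $r"
```

With `openssl s_client`, the intermediate can be sent next to `-cert` and `-key` by passing it with `-cert_chain`.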