Does it look for client cert chain by default in the home dir? Looks like it's due to mutual authentication setup?
On Mon, Jun 4, 2012 at 4:24 AM, Eisenacher, Patrick < patrick.eisenac...@bdr.de> wrote: > > From: al so > > > > openssl s_client -showcerts -connect <TP.COM>:443 > > CONNECTED(00000003) > > depth=1 /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign > International Server CA - Class > > 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign > > verify error:num=20:unable to get local issuer certificate > > verify return:0 > > 16747:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad > certificate:s3_pkt.c:1093:SSL alert number 42 > > 16747:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake > failure:s23_lib.c:188: > > The error tells you that the server doesn't like your client cert chain. > As such, it sends a bad certificate alert. You should check the server's > log for any details. > > > HTH, > Patrick Eisenacher >
