> From: owner-openssl-us...@openssl.org On Behalf Of plot.lost
> Sent: Tuesday, 22 March, 2011 02:12
> On 22/03/2011 09:24, Crypto Sal wrote:
> > Me thinks they don't understand Client Authentication/Digital
> > Certificates. The server doesn't typically need to verify up to the
> > root, they p
On 22/03/2011 09:24, Crypto Sal wrote:
Me thinks they don't understand Client Authentication/Digital
Certificates. The server doesn't typically need to verify up to the
root, they provide a list of acceptable client CA names during the
handshake.
I'm using a CAfile that has all of the certifi
On 03/22/2011 12:09 AM, plot.lost wrote:
Or do you simply mean you looked manually at the x509 output
(probably -text) and it looks correct to you?
Yes, using -text to manually check the chain.
Have you confirmed this alert is in response to your cert?
You can use s_client with -debug, or r
On 22/03/2011 08:09, plot.lost wrote:
Or do you simply mean you looked manually at the x509 output
(probably -text) and it looks correct to you?
Yes, using -text to manually check the chain.
Have you confirmed this alert is in response to your cert?
You can use s_client with -debug, or run
Or do you simply mean you looked manually at the x509 output
(probably -text) and it looks correct to you?
Yes, using -text to manually check the chain.
Have you confirmed this alert is in response to your cert?
You can use s_client with -debug, or run a network monitor
(I recommend www.wire
> From: owner-openssl-us...@openssl.org On Behalf Of plot.lost
> Sent: Monday, 21 March, 2011 11:44
> I am having problems connecting to a system that requires a client
> certificate. Generated the csr using the relevant openssl commands and
> sent that to the required authority for signing. Tha
I am having problems connecting to a system that requires a client
certificate. Generated the csr using the relevant openssl commands and
sent that to the required authority for signing. That has come back as a
valid certificate (can use openssl x509 to verify the certificate
content), but usin