RE: sslv3 alert bad certificate:s3_pkt.c:1065:SSL alert number 42
From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar (anmajumd) Sent: Friday, 26 October, 2012 19:13 To: openssl-users@openssl.org Subject: Re: sslv3 alert bad certificate:s3_pkt.c:1065:SSL alert number 42 This is a close box without a server operator. Is there a way to determine why the [client] cert chain was Disliked. 1. Be psychic, or divine. Or guess, and be very lucky. 2. Find out something about the server. 3. Find out something about other users who succeed, if any. Look for similarities or differences. Note that the server's decision about whether to accept a cert can be based on more than what's in the cert, either intentionally or by mistake. It might reasonably be (partly) based on the client machine address and/or DNS. It might less unreasonably be based on time of day, or phase of moon, or how many other users are connected, or how many have been connected in the past. 4. Keep in mind the server's rejection of your cert (chain) may be mistaken. It might be that your cert is actually good but the server is misconfigured, or in a bad state, or has a bug. If the server is wrong and no one can fix it, you can't use it unless you can figure out what the problem is and it can be avoided or worked around. And if you don't know the correct operation figuring out incorrect behaviour is hugely harder. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: sslv3 alert bad certificate:s3_pkt.c:1065:SSL alert number 42
From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar (anmajumd) Sent: Thursday, 25 October, 2012 02:48 We are getting the following error when running the s_client. We are on openssl 0.9.8l What could be the possible cause of this error snip 4955:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: s3_pkt.c:1065:SSL alert number 42 4955:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure: s3_pkt.c:530: The server doesn't like the client certificate (chain) you sent. It didn't use one of the more specific alert codes to say what it disliked. Either ask the server operator(s) what it disliked, or if they have a stated policy about what certs they accept, examine your cert chain and compare to that policy. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: sslv3 alert bad certificate:s3_pkt.c:1065:SSL alert number 42
Hi Dave, This is a close box without a server operator. Is there a way to determine why the cert chain was Disliked. Thanks, Anamitra On 10/26/12 3:14 PM, Dave Thompson dthomp...@prinpay.com wrote: From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar (anmajumd) Sent: Thursday, 25 October, 2012 02:48 We are getting the following error when running the s_client. We are on openssl 0.9.8l What could be the possible cause of this error snip 4955:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: s3_pkt.c:1065:SSL alert number 42 4955:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure: s3_pkt.c:530: The server doesn't like the client certificate (chain) you sent. It didn't use one of the more specific alert codes to say what it disliked. Either ask the server operator(s) what it disliked, or if they have a stated policy about what certs they accept, examine your cert chain and compare to that policy. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org