Hi Greg! I have not tested this, but from reading the openssl docs I had the feeling that all the CAs in the ca-file will be used.
Is the CA the only one in the ca-file or are the multiple CAs in the ca-file? Can you try if it works when using only a single CA in the ca-file? regards klaus On Sun, November 5, 2006 20:39, Gregoire said: > Hi everybody! > > I am using OpenSER 1.1 with TLS. > I have generate the client and server certificate with the scripts > gen_rootCA.sh and gen_usercert.sh. > Everything works fine, but I have generate certificate for my UA with > another CA and I have added this CA to the file user-cacert.pem. > When I try to connect with my UA, OpenSER logs an error like: > > "tls_error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert > unknown ca" > > My file user-cacert.pem looks like: > -------BEGIN CERTIFICATE------ > MAOIposio..... > --------END CERTIFICATE-------- > -------BEGIN CERTIFICATE------ > MJ809il...... > --------END CERTIFICATE-------- > > I think that OpenSER takes only the first CA certificate and not all the > followings. > > Did someone have some experience with that case? > > Regards > > Greg > > _______________________________________________ > Users mailing list > [email protected] > http://openser.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://openser.org/cgi-bin/mailman/listinfo/users
