I understand, that it's a bug in the way mac osx signs certificates. We've changed the ca in the meantime to a linux-box. So feel free to close the bug

Marco


Am 28.05.2016 um 21:23 schrieb Sebastian Andrzej Siewior:
On 2015-02-13 19:23:03 [+0100], Kurt Roeckx wrote:
On Fri, Feb 13, 2015 at 01:30:06PM +0100, Marco Nietz wrote:
root@neo:~# openssl verify -CAfile myCa.cer myClient.pem
myClient.pem: CN = My Client, emailAddress = [email protected]
error 7 at 0 depth lookup:certificate signature failure

As a workaround i keep the u13 version, but what can cause this error ?

We use this cerificate for client-authentication in nginx, which throws a 
comparable error

client SSL certificate verify error: (7:certificate signature failure)
Is this certificate generated by some MacOS application?  It's
known to make invalid certificates that were accepted in previous
versions.
Maro, the refrenced RT bug got closed as invalid. I would do the same here.
Any reason not to?

Kurt
Sebastian

Reply via email to