Michael Sierchio <[EMAIL PROTECTED]> writes:
> "Chen, Qiming" wrote:
> >
> > Hi, when I use ssldump to watch my server and client communication in Linux,
> > the client sent a certificate to the server, but the server always said: bad certificate.
> > Does anyone know how I can make a client certificate that the server will accept?
> > Thanks a lot!
>
> The server sends a list of Distinguished Names of signers to the client;
> the client must present a cert signed by (or a certificate chain rooted by)
> one of those signers.

An excellent point. I must have been brain-dead this morning when
I forgot to mention this.

If you've linked ssldump with OpenSSL and tell it to ASN.1 decode
(use the -N flag) you can see both the DNs of the roots
(in the CertificateRequest message) and a dump of the certificate.

-Ekr
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
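
The check described in the thread, as an added example that is not part of the original messages: it parses the body of a CertificateRequest handshake message, extracts the DER-encoded DNs the server lists, and tests whether an issuer DN from the client's chain is among them. The function names and the sample DNs are constructed for illustration; the layout is TLS 1.0/1.1 with an optional TLS 1.2 field, and comparing DNs byte for byte is a simplifying assumption.

```python
import struct

def der(tag, body):
    # Short-form DER lengths only; enough for the constructed sample DNs.
    return bytes([tag, len(body)]) + body

def make_dn(cn):
    """Constructed sample: DER Name holding a single CN (OID 2.5.4.3)."""
    atv = der(0x30, der(0x06, b"\x55\x04\x03") + der(0x13, cn.encode()))
    return der(0x30, der(0x31, atv))

def parse_certificate_request(body, tls12=False):
    """Return (certificate_types, [DER DN, ...]) from a CertificateRequest body."""
    n = body[0]
    types = list(body[1:1 + n])
    pos = 1 + n
    if tls12:  # TLS 1.2 inserts supported_signature_algorithms here
        (slen,) = struct.unpack_from("!H", body, pos)
        pos += 2 + slen
    (total,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + total
    if end != len(body):
        raise ValueError("certificate_authorities length does not match body")
    dns = []
    while pos < end:
        (dlen,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if pos + dlen > end:
            raise ValueError("truncated DistinguishedName")
        dns.append(body[pos:pos + dlen])
        pos += dlen
    return types, dns

def chain_acceptable(chain_issuer_dns, acceptable_dns):
    """True if any issuer DN in the client's chain is one the server listed."""
    if not acceptable_dns:  # empty list (TLS 1.1+): server names no signer
        return True
    return any(dn in acceptable_dns for dn in chain_issuer_dns)

# Constructed sample data, not taken from any real server.
ROOT_A = make_dn("Example Root A")
ROOT_B = make_dn("Example Root B")
OTHER = make_dn("Self Signed Client")

def build_sample():
    cas = b"".join(struct.pack("!H", len(d)) + d for d in (ROOT_A, ROOT_B))
    return bytes([1, 1]) + struct.pack("!H", len(cas)) + cas  # type 1 = rsa_sign
```

A matching issuer DN is only the selection step; the server still verifies the chain's signatures and validity before accepting the certificate.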