Re: Different certificate chains?

[Joe Auricchio]

Hi Pablo,

For the CA root certificate (self-signed, created with CA.pl -newca 
then recreated with openssl ca with notafterdate 10 years from now)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: C=US, ST=California, L=Cambria, O=definitely not safe 
here, OU=Certificate Authority, CN=definitely not safe here Certificate 
Authority/[EMAIL PROTECTED]
        Validity
            Not Before: Jun 25 00:31:01 2003 GMT
            Not After : Jun 22 00:31:01 2013 GMT
        Subject: C=US, ST=California, L=Cambria, O=definitely not safe 
here, OU=Certificate Authority, CN=definitely not safe here Certificate 
Authority/[EMAIL PROTECTED]

For the IMAPS certificate (the one that does not mention the CA root 
when I use openssl s_client)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=California, L=Cambria, O=definitely not safe 
here, OU=Certificate Authority, CN=definitely not safe here Certificate 
Authority/[EMAIL PROTECTED]
        Validity
            Not Before: Jun 25 00:35:13 2003 GMT
            Not After : Jun 24 00:35:13 2004 GMT
        Subject: C=US, ST=California, L=Cambria, O=definitely not safe 
here, OU=IMAPS, 
CN=definitelynotsafe.com/[EMAIL PROTECTED]

For the HTTPS certificate (the one that works fine with openssl 
s_client)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, ST=California, L=Cambria, O=definitely not safe 
here, OU=Certificate Authority, CN=definitely not safe here Certificate 
Authority/[EMAIL PROTECTED]
        Validity
            Not Before: Jun 25 00:33:05 2003 GMT
            Not After : Jun 24 00:33:05 2004 GMT
        Subject: C=US, ST=California, L=Cambria, O=definitely not safe 
here, OU=HTTPS, 
CN=secure.definitelynotsafe.com/[EMAIL PROTECTED]

It occurs to me that I should switch the two certificates to see if 
it's actually a problem with the certs themselves, or with the app 
configuration. I will try that and report my findings...

Thanks for your help!

Joe Auricchio ~ [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]