Hi, can someone reply to this question? Thanks, Sudhakar
On 12/20/06, Sudhakar wrote:
Hi, I am facing a problem with a chain of certs. I have used the following commands for creating the chain of certs (servercert2.pem will have its cert signed by servercert.pem, which is in turn signed by rootcert.pem):

    openssl req -newkey rsa:1024 -sha1 -keyout rootkey.pem -out rootreq.pem
    openssl x509 -req -in rootreq.pem -sha1 -days 1000 -signkey rootkey.pem -out rootcert.pem

    openssl req -newkey rsa:1024 -sha1 -keyout serverkey.pem -out serverreq.pem
    openssl x509 -req -in serverreq.pem -sha1 -days 1000 -CA rootcert.pem -CAkey rootkey.pem -CAcreateserial -out servercert.pem

    openssl req -newkey rsa:1024 -sha1 -keyout serverkey2.pem -out serverreq2.pem
    openssl x509 -req -in serverreq2.pem -sha1 -days 1000 -CA servercert.pem -CAkey serverkey.pem -CAcreateserial -out servercert2.pem

    cat servercert.pem >> servercert2.pem
    cat rootcert.pem >> servercert2.pem

I assume that at the end of these commands servercert2.pem will have a chain of certs. At the server side, I used SSL_CTX_use_certificate_chain_file for using the servercert2.pem file, and at the client side I used SSL_CTX_load_verify_locations for using rootcert.pem. Now I get an error during the SSL handshake. The error says "tlsv1 alert unknown ca:SSL alert number 48:s3_pkt.c(1052)" at the server side and "certificate verify failed:s3_clnt.c(844)" at the client side. I am sure I made some mistake when creating the chain of certs. Can someone point out the right way? Thanks, Sudhakar