Before continuing with further programming, I wanted to know if I got this certificate signing going well. Thanks for any feedback; it will be deeply appreciated.

I created a self-signed certificate and used s_server to create a secured server on one machine (zzserver.mynet.com) and a secured client on another server (zzclient.mynet.com). The server went on like this:

[shell]
% openssl s_server -accept 9999 -cert root.pem -CAfile root.pem
Enter pass phrase for root.pem:
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
[/shell]

I then created a client certificate and signed it with the root certificate. The client cert and key have been cat'ted along with the root cert to form a client pem, which I transferred to my client machine and used s_client to connect to the server like so:

[shell]
% openssl s_client -connect zzserver.mynet.com:9999 -cert client.pem
Enter pass phrase for client.pem:
CONNECTED(00000003)
depth=0 /C=CA/ST=Quebec/L=Montreal/O=ZZ Server/OU=ZZ Server/CN=zzserver.mynet.org
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CA/ST=Quebec/L=Montreal/O=ZZ Server/OU=ZZ Server/CN=zzserver.mynet.org
verify return:1
[/shell]

After that follows the certificate chain and the (ASCII-armored?) server certificate. I could then send random messages client <=> server.

First question: Now I understand the self-signed error. But is this really an "error", or will it be sufficient to authenticate the server's identity and bypass it as an acceptable behavior in a legitimate program?

Second question: Then I got this message: "No client certificate CA names sent." Didn't I provide it with my client.pem certificate on the command line? How can I make the host authenticate my client (providing s_server and s_client can do such a thing)?

Thanks.
Marc St-Jacques.

OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
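As an added example that is not part of the original post or of the OpenSSL project, the POSIX shell script below reproduces both situations the post asks about, offline, using only the openssl command-line tool (assumed to be installed). It builds a hypothetical throwaway root CA plus a server certificate and a client certificate chained to it, then uses "openssl verify" to show that the same certificate is reported as "error 18" (self-signed, depth 0) when the verifier has no trust anchor, and verifies with error 0 once the root is supplied with -CAfile. Every file and host name in it is a constructed placeholder; the optional mutual_tls_handshake function is the only part that opens a socket and is not invoked automatically.

```shell
#!/bin/sh
# Added example (not from the original post): throwaway CA, server and client
# certificates, and "openssl verify" checks that explain the error-18 output.
# All names are hypothetical; nothing touches the network unless
# mutual_tls_handshake is called explicitly.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed root: the trust anchor that both sides will be configured with.
gen_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/C=CA/ST=Quebec/L=Montreal/O=Demo CA/CN=Demo Root" \
    -keyout "$WORK/root.key" -out "$WORK/root.pem" >/dev/null 2>&1
}

# Leaf certificate signed by the root. $1 = file base name, $2 = CN,
# $3 = extendedKeyUsage (serverAuth or clientAuth), so each certificate can
# only be used for the role it was issued for.
gen_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/C=CA/O=Demo/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" >/dev/null 2>&1
  printf 'extendedKeyUsage=%s\n' "$3" >"$WORK/$1.ext"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
    -CAcreateserial -days 1 -sha256 -extfile "$WORK/$1.ext" \
    -out "$WORK/$1.pem" >/dev/null 2>&1
}

# Print the X.509 verify error number for certificate $1 (0 = verified OK).
# Any further arguments are passed through to "openssl verify", e.g. -CAfile.
verify_error_num() {
  name=$1; shift
  if out=$(openssl verify "$@" "$WORK/$name.pem" 2>&1); then
    echo 0
  else
    printf '%s\n' "$out" | sed -n 's/.*error \([0-9][0-9]*\) at .*/\1/p' | head -n 1
  fi
}

# True if certificate $1 carries the given extended key usage text.
has_eku() {
  openssl x509 -in "$WORK/$1.pem" -noout -text | grep -q "$2"
}

# Optional end-to-end check on a loopback port: s_server demands a client
# certificate chained to root.pem (-Verify), s_client trusts root.pem (-CAfile)
# and presents its certificate. Succeeds only if s_client reports
# "Verify return code: 0 (ok)".
mutual_tls_handshake() {
  port=${1:-9999}
  openssl s_server -accept "$port" -cert "$WORK/server.pem" -key "$WORK/server.key" \
    -CAfile "$WORK/root.pem" -Verify 1 -quiet >/dev/null 2>&1 &
  srv=$!
  sleep 1
  out=$(printf 'hello\n' | openssl s_client -connect "127.0.0.1:$port" \
    -CAfile "$WORK/root.pem" -cert "$WORK/client.pem" -key "$WORK/client.key" 2>&1) || true
  kill "$srv" 2>/dev/null || true
  printf '%s\n' "$out" | grep -q 'Verify return code: 0 (ok)'
}

gen_ca
gen_leaf server zzserver.example serverAuth
gen_leaf client zzclient.example clientAuth

echo "root.pem,   no trust anchor:    error $(verify_error_num root)"
echo "root.pem,   -CAfile root.pem:   error $(verify_error_num root -CAfile "$WORK/root.pem")"
echo "server.pem, no trust anchor:    error $(verify_error_num server)"
echo "server.pem, -CAfile root.pem:   error $(verify_error_num server -CAfile "$WORK/root.pem")"
echo "client.pem, -CAfile root.pem:   error $(verify_error_num client -CAfile "$WORK/root.pem")"
```

The first line of output is the poster's situation: the server presents root.pem itself and the client has no trust anchor, so the only thing it can say is "self-signed at depth 0" (error 18). The answer to the first question is therefore not to bypass the error but to remove its cause: give the client the root with -CAfile (or, in a real program, install it in the trust store) and treat any non-zero verify result as fatal. For the second question, s_server only asks for a client certificate, and only then sends the list of acceptable CA names, when it is started with -Verify (or -verify) together with -CAfile; passing -cert to s_client alone does nothing until the server requests it. Calling mutual_tls_handshake after the script has run exercises exactly that configuration on a free local port.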