Hi, 

Both with openssl, I am trying to have a server and client that perform
client certificate authentication.

So, I start the server as follows:
   openssl s_server -www -key /dir/server-key.pem -cert /dir/server-cert.pem -CAfile /dir/cacert.pem -state

and as per the previous posts on the list, the CAfile is not empty since
  openssl x509 -in /dir/cacert.pem -noout -text
gives nice output.

Then, I connect from a different shell window on the same server with 

   openssl s_client -connect localhost:4433 -cert /dir/clientCert.pem -key /dir/ClientCertKey.pem -CAfile /dir/server-cert.pem

and I get asked for my key's password.

/dir/cacert.pem and /dir/clientCert.pem are identical since it is a
self-signed client certificate.

Then a connection is established successfully, but I see the

   "No client certificate CA names sent"

Then I do a 
   R
on the client side since that ought to request the client certificate as per
http://openssl.org/docs/apps/s_server.html#CONNECTED_COMMANDS, but no
change.

Also, when doing "GET /" there is no hint that a client certificate
authentication has happened.

Is there any other option I have overlooked to tell s_server it really
should ask for a client certificate?

Many thanks for any hints in advance!

   Ralf

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
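
An added example, not part of the original post: s_server only asks for a client certificate when it is started with -verify (certificate optional) or -Verify (certificate mandatory), and the script below compares the invocation from the post with one that adds -Verify 1. The throwaway certificates, unencrypted keys, temporary directory and ports 14433/14434 are constructed for this illustration.

```shell
#!/bin/sh
# Added example: compares s_server without and with -Verify.
# All certificates, paths and ports below are constructed for illustration.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert NAME: throwaway self-signed certificate with an unencrypted key.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1-key.pem" -out "$WORK/$1-cert.pem" 2>/dev/null
}

# cert_request_status PORT [extra s_server options]
# Starts s_server as in the post (plus any extra options), connects once with
# s_client and reports whether the server asked for a client certificate.
cert_request_status() {
  port=$1; shift
  openssl s_server -accept "$port" -www \
    -key "$WORK/server-key.pem" -cert "$WORK/server-cert.pem" \
    -CAfile "$WORK/client-cert.pem" "$@" >/dev/null 2>&1 &
  pid=$!
  sleep 1   # give the listener time to bind
  out=$(openssl s_client -connect "127.0.0.1:$port" \
    -cert "$WORK/client-cert.pem" -key "$WORK/client-key.pem" \
    -CAfile "$WORK/server-cert.pem" </dev/null 2>&1 || true)
  kill "$pid" 2>/dev/null || true
  wait "$pid" 2>/dev/null || true
  case $out in
    *"Acceptable client certificate CA names"*) echo "requested" ;;
    *"No client certificate CA names sent"*)    echo "not requested" ;;
    *)                                          echo "handshake failed" ;;
  esac
}

make_cert server
make_cert client

# Invocation from the post: no -verify/-Verify, so no certificate request.
echo "without -Verify: $(cert_request_status 14433)"
# -Verify 1 requests a client certificate and rejects clients that send none;
# -verify 1 would request one but let the handshake continue without it.
echo "with -Verify 1:  $(cert_request_status 14434 -Verify 1)"
```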
