Deep Chand schrieb:
Thanks Ted for a quick reply. I can receive data as you suggested. I use this option on s_server. I guess it should do mutual authentication. Correct?s_server -cert "D:/ssl/src/Keys/usingUIforopenssl/servernewpublic.pem" -key "D:/ssl/src/Keys/usingUIforopenssl/servernewprivate.pem" -CAfile "D:/ssl/src/Keys/usingUIforopenssl/clientnewpublic.pem" -verify 1 -debug-msg
Yes, this looks like it's correct. But I'm not completely sure about how s_server reacts if it cannot verify the client's cert. Maybe there's an error message but the connection is established anyway, so you should have another look at the output of s_server for something like "error verifying certificate" or the other way round.
BTW, I would skip the -debug and -msg options, since they make the output quite hard to read. And they won't help you very much unless you're quite aquainted with the SSL protocol and openssl internals...
Of course I cannot say wether your client requests and verifies the server's certificate correctly... ;)
Hope it helps. TedP.S.: Sorry, I saw your s_server options in the last mail the moment I hit the "Send" button...
-- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26
smime.p7s
Description: S/MIME Cryptographic Signature
