On Wed, Mar 24, 2010 at 4:46 AM, Dr. Stephen Henson <st...@openssl.org> wrote:
> The path of the responder certificate has to be validated so you need to pass
> the root CA using the -CAfile or -CApath command line arguments.

adding -CAfile did the trick -- adding it to BOTH the server-launch cmd, AND the client-query.

the server HAD been launched with "-CA file" already specified ...

i note that,

    -CA file           CA certificate
    -CAfile file       trusted certificates file

to understand -- why wouldn't passing "-CA file" be sufficient? wouldn't the CA certificate be trusted implicitly, without having to _also_ specify it with "-CAfile"?

just a bit unclear ...

thanks.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org