[Incorrectly initially posted in dev.]

Please bear with me; I'm a real SSL newbie. I am attempting to develop my
first SSL program, an SSL/TLS client that will communicate with a commercial
SSL server product (Kiwi Server) that is running on a VM on my system. 

Kiwi *only* accepts IIS-issued certificates. I issued a certificate using
IIS 7.5 Manager "Issue Self-Signed Certificate." Windows 7 says "This
certificate is OK." 

My client follows the general scheme of the client in Chapter 5 of the
O'Reilly OpenSSL book. I know I am getting the certificate back correctly from
the server because the FQDN in the certificate is correct. 

But if I turn on SSL_CTX_set_verify(SslCtx, SSL_VERIFY_PEER, NULL) in my
client then SSL_connect(SslObj) fails with 8140:error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed:.\ssl\s3_clnt.c:1166: 

In my context setup I am doing SSL_CTX_load_verify_locations(SslCtx, "path
of IIS certificate in PEM format", NULL) and
SSL_CTX_set_default_verify_paths(SslCtx) with no error. Obviously that is
incorrect or insufficient. 

Can anyone point me at what I should be doing differently? Thanks much,

-- 
View this message in context: 
http://old.nabble.com/CA-for-IIS-issued-self-signed-certificate--tp34283820p34283820.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
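
Added example, not part of the original post: a check with the openssl command-line tool of whether a PEM file works as the trust anchor for a self-signed certificate, and what is reported when a different certificate with the same name is used instead. The certificates, the name server.example.test and the helper functions are constructed for the example.

```shell
#!/bin/sh
# Added example. All certificates are constructed test data; the subject
# name is a placeholder, not the poster's server.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_cert PREFIX CN: write a throwaway self-signed certificate to PREFIX.pem
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" >/dev/null 2>&1
}

# check_anchor CERT CAFILE: print "OK" if CERT verifies when CAFILE is the
# trust file (the role of the CAfile argument of
# SSL_CTX_load_verify_locations in the client), otherwise print "error N"
# where N is the X509 verify error code reported by openssl.
check_anchor() {
    out=$(openssl verify -CAfile "$2" "$1" 2>&1) || true
    if printf '%s\n' "$out" | grep -q ': OK$'; then
        echo OK
    else
        code=$(printf '%s\n' "$out" |
            sed -n 's/^error \([0-9][0-9]*\) at .*/\1/p' | head -n 1)
        echo "error ${code:-unknown}"
    fi
}

# fingerprint CERT: SHA-256 fingerprint, for comparing the PEM file on disk
# with the certificate the server actually presents.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Two different self-signed certificates that carry the same subject name.
make_cert "$WORK/server" server.example.test
make_cert "$WORK/other" server.example.test

echo "same file as trust anchor: $(check_anchor "$WORK/server.pem" "$WORK/server.pem")"
echo "same CN, different cert:   $(check_anchor "$WORK/server.pem" "$WORK/other.pem")"
echo "server fingerprint: $(fingerprint "$WORK/server.pem")"
echo "other fingerprint:  $(fingerprint "$WORK/other.pem")"
```

The number printed is the X509 verify error code, the detail that the generic "certificate verify failed" message from SSL_connect does not carry.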
