> From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta Majumdar (anmajumd)
> Sent: Friday, 26 October, 2012 19:13
> To: openssl-users@openssl.org
> Subject: Re: sslv3 alert bad certificate:s3_pkt.c:1065:SSL alert number 42

> This is a closed box without a server operator.
> Is there a way to determine why the [client] cert chain was
> disliked?
> 
1. Be psychic, or divine. Or guess, and be very lucky.

2. Find out something about the server.

3. Find out something about other users who succeed, if any. 
Look for similarities or differences. Note that the server's 
decision about whether to accept a cert can be based on more 
than what's in the cert, either intentionally or by mistake.
It might reasonably be (partly) based on the client machine 
address and/or DNS. It might less unreasonably be based on 
time of day, or phase of moon, or how many other users are 
connected, or how many have been connected in the past.

4. Keep in mind the server's rejection of your cert (chain) may 
be mistaken. It might be that your cert is actually good but 
the server is misconfigured, or in a bad state, or has a bug.
If the server is wrong and no one can fix it, you can't use it 
unless you can figure out what the problem is and it can be 
avoided or worked around. And if you don't know the correct
operation, figuring out incorrect behaviour is hugely harder.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org