On Mon, Mar 10, 2014 at 01:38:46PM +0530, Harshal Talele wrote:

> As a matter of fact with use of
> SSL_CTX_use_certificate_chain_file() API SSL handshake continues to fail

You must put all the PEM certificates (leaf certificate and intermediate CAs)
in the *same* file, with the leaf (server certificate) first, its issuing
CA second, any issuer for that CA third and so on.

You can also place the private key in the same file, or some other file.

        -----BEGIN PRIVATE KEY-----
        ...server key...
        -----END PRIVATE KEY-----

        -----BEGIN CERTIFICATE-----
        ...server cert...
        -----END CERTIFICATE-----

        -----BEGIN CERTIFICATE-----
        ...server cert's issuer: CA1...
        -----END CERTIFICATE-----

        -----BEGIN CERTIFICATE-----
        ...CA1's issuer: CA2...
        -----END CERTIFICATE-----
        ...

If the certificates and the key are in the same file, make sure
the file is not world-readable.

> As you have mentioned Viktor, I am using SSL_CTX_use_certificate_file() API
> to read cert.pem which contains server certificate & private key.
> Now I have another file chain.pem which contains only intermediate
> certificates.

You have split the leaf certificate from the intermediate issuing
CAs. DON'T.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org