Re: Client certificate chains

2011-03-21 Thread plot.lost
On 22/03/2011 09:24, Crypto Sal wrote: Me thinks they don't understand Client Authentication/Digital Certificates. The server doesn't typically need to verify up to the root, they provide a list of acceptable client CA names during the handshake. I'm using a CAfile that has all of the certifi

Re: Client certificate chains

2011-03-21 Thread plot.lost
On 22/03/2011 08:09, plot.lost wrote: Or do you simply mean you looked manually at the x509 output (probably -text) and it looks correct to you? Yes, using -text to manually check the chain. Have you confirmed this alert is in response to your cert? You can use s_client with -debug, or run

Re: Client certificate chains

2011-03-21 Thread plot.lost
Or do you simply mean you looked manually at the x509 output (probably -text) and it looks correct to you? Yes, using -text to manually check the chain. Have you confirmed this alert is in response to your cert? You can use s_client with -debug, or run a network monitor (I recommend www.wire

Client certificate chains

2011-03-21 Thread plot.lost
I am having problems connecting to a system that requires a client certificate. Generated the csr using the relevant openssl commands and sent that to the required authority for signing. That has come back as a valid certificate (can use openssl x509 to verify the certificate content), but usin

Trusted cert store

2011-02-27 Thread plot.lost
Hi, I'm validating a cert chain by first loading the certificates I trust into memory and using it during validation by calling X509_STORE_CTX_trusted_stack(). This is working, but I would like to be able to treat the trusted certs as two different types - trusted root certs and trusted intermed