To find problems in the trusted certificate chain, use 'openssl
s_client -connect host:port -showcerts' and then verify each
certificate. (Note: if your server certificate was issued from a
sub-CA rather than directly from a root, you must also ensure that you
call SSL_CTX_add_extra_chain_cert(3ss
We diagnosed the problem. Our keystore is missing the private key.
Java code to export the private key fails. Even IBM keyman shows only
certificates. It is not as if somebody can delete the private key from
the keystore?
Mohan
On Sat, Dec 5, 2009 at 6:28 AM, Dave Thompson
wrote:
>> From: owne
> From: owner-openssl-us...@openssl.org On Behalf Of Mohan Radhakrishnan
> Sent: Friday, 04 December, 2009 05:54
>
> We see this message "no available certificates or key
> corresponding to the cipher suites" even before establishing a
> handshake. It is a mutual handshake. So keystores and
"No available certificates or key corresponding to the cipher suites"
may also be associated with not calling
SSL_CTX_use_RSAPrivatekey[_*](3ssl), or the private key not matching
the public key in the certificate. use_certificate first, then
use_RSA_Privatekey.
And don't forget to call SSL_CTX_ch
Possibly not. I meant that there could be 3 problems:
1. Algorithm mismatch
2. Certificate imported in an incorrect keystore.
3. No trusted certificate chain.
Trying to home in on one of the problems.
Thanks,
Mohan
On Fri, Dec 4, 2009 at 4:24 PM, Mohan Radhakrishnan
wrote:
> Hi,
>
> We see
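
The two key-related causes raised in this thread (a store with no private key at all, and a private key that does not match the certificate's public key) can be told apart from exported PEM files with the openssl command line. The following is an added example, not part of the original messages; the function names, verdict strings and sample file names are assumptions, and keys are assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added diagnostic sketch, not code from the thread. Function names and the
# verdict strings are assumptions. Keys are assumed to be unencrypted PEM.

# Public key (PEM) embedded in a certificate; fails if the file holds no certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public half (PEM) of a private key; fails if the file holds no private key.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Print one verdict for a certificate file ($1) and a key file ($2):
#   no-certificate | no-private-key | mismatch | match
diagnose_pair() {
    cpub=$(cert_pubkey "$1") || { echo no-certificate; return 0; }
    kpub=$(key_pubkey "$2")  || { echo no-private-key; return 0; }
    if [ "$cpub" = "$kpub" ]; then echo match; else echo mismatch; fi
}

# Constructed sample input: a throwaway self-signed pair plus an unrelated key.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample.invalid" \
        -keyout "$1/a.key" -out "$1/a.crt" >/dev/null 2>&1 &&
    openssl genrsa -out "$1/b.key" 2048 >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d" || { rm -rf "$d"; return 1; }
    echo "own key:        $(diagnose_pair "$d/a.crt" "$d/a.key")"
    echo "unrelated key:  $(diagnose_pair "$d/a.crt" "$d/b.key")"
    # Models an export that contains certificates only, with no private key.
    echo "cert-only file: $(diagnose_pair "$d/a.crt" "$d/a.crt")"
    rm -rf "$d"
}
demo
```
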