> -----Original Message----- > From: Marcello Marangio [mailto:m.maran...@innova.puglia.it] > > Da: Jason Pyeron [mailto:jpye...@pdinc.us] > > > From: Marcello Marangio [mailto:m.maran...@innova.puglia.it] > > > > Da: Jason Pyeron [mailto:jpye...@pdinc.us] > > > > > > Ok. > > > I made the same thing with IE and in the debug it says "null cert > > > chain" > > > during the client authentication handshake. > > > Now I am confused... > > > > > > > Lets step back and look. > > > > Can you provide the smart card and server certificate chain > (no keys > > please)? > > Hang on a second... > The server certificate is an self signed certificate I made > with keytool. > The smart card certificate, instead, is a real one, I use to > legally sign electronic documents; the issuer is an Italian CA. > > Do you expect the issuer of the smart card certificate to be > the same as the server one?
Not always. Lets take for example: https://mail.pdinc.us <-PD Inc Public CA<-PD Inc Root CA and MySmartCard <- DOD EMAIL CA-15 <- DoD Root CA-2 The smime cert used on this email I can use my smart card to auth againstthe server. But the server must know about DoD Root CA-2. > > How can I print out the certificate chain? > Thanks again > M -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443) 269-1555 x333 Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00.
mail.pdinc.us.cer
Description: application/x509-ca-cert
PDIncPublicCA.cer
Description: application/x509-ca-cert
PDIncRoot.cer
Description: application/x509-ca-cert
smartcard.cer
Description: application/x509-ca-cert
dodemailca-15.cer
Description: application/x509-ca-cert
DoDRootCA-2.cer
Description: application/x509-ca-cert
smime.p7s
Description: S/MIME cryptographic signature
