Re: SSLVerifyClient fails

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig5F14D37EB43A87E35E9A48C1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Sven L=F6schner schrieb:
>>Try using "openssl s_client ...." to connect(? arg for=20
>>options). It'll give alot of debug info.
>=20
>=20
> Okay, I tried "openssl s_client -connect www.test.de:443 -CAfile
> /etc/ssl/UserCA/UserCAchaincert.pem -verify 3 -cert
> /etc/ssl/UserCA/svencert.pem -key /etc/ssl/UserCA/svenkey.pem -reconnec=
t
> -showcerts -state -bugs"
>=20
> The output is the following:
>=20
> CONNECTED(00000003)
> SSL_connect:before/connect initialization
> SSL_connect:SSLv2/v3 write client hello A
> SSL_connect:SSLv3 read server hello A
> depth=3D0 /C=3DDE/ST=3DNRW/L=3DHattingen/O=3DMX/OU=3DDemo
> Server/CN=3Dwww.test.de/emailAddress=3Dinfo@test.de
> verify error:num=3D20:unable to get local issuer certificate

Seems you don't have the required Root-CA-Certificates installed on your
webserver. (you need the root-certificate of your client-certificates)
anyone correct me if I'm wrong.

Paul
--=20
Linux-User #271918 with the Linux Counter, http://counter.li.org/


--------------enig5F14D37EB43A87E35E9A48C1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC8cr/qErKtBWD7VQRAp0DAKCuMkxcT+xx9f5/+voXL0qvPgNomwCeMRwt
uH0ACRRbnXuUIZ9ebRB/Bmw=
=N1Pk
-----END PGP SIGNATURE-----

--------------enig5F14D37EB43A87E35E9A48C1--
__________________________________________________ ____________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org