[Devel] Re: [Users] Multiple CA

Gregoire mlgg at hispeed.ch
Mon Nov 6 13:27:41 CET 2006


Hi!
When a single CA is in the file, there is no problem. But when I put
multiple CAs, only the first one is taken. OpenSER doesn't care about
the others.

Greg

Klaus Darilion wrote:

>Hi Greg!
>
>I have not tested this, but from reading the openssl docs I had the
>feeling that all the CAs in the ca-file will be used.
>
>Is the CA the only one in the ca-file or are there multiple CAs in the
>ca-file? Can you try if it works when using only a single CA in the
>ca-file?
>
>regards
>klaus
>
>
>On Sun, November 5, 2006 20:39, Gregoire said:
>
>>Hi everybody!
>>
>>I am using OpenSER 1.1 with TLS.
>>I have generated the client and server certificates with the scripts
>>gen_rootCA.sh and gen_usercert.sh.
>>Everything works fine, but I have generated a certificate for my UA with
>>another CA and I have added this CA to the file user-cacert.pem.
>>When I try to connect with my UA, OpenSER logs an error like:
>>
>>"tls_error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
>>unknown ca"
>>
>>My file user-cacert.pem looks like:
>>-------BEGIN CERTIFICATE------
>>MAOIposio.....
>>--------END CERTIFICATE--------
>>-------BEGIN CERTIFICATE------
>>MJ809il......
>>--------END CERTIFICATE--------
>>
>>I think that OpenSER takes only the first CA certificate and not all the
>>following ones.
>>
>>Did someone have some experience with that case?
>>
>>Regards
>>
>>Greg
>
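
A check that fits the situation in this thread, added here as an example and not taken from the posts or from OpenSER: count how many blocks in a CA bundle are well-formed PEM, so a multi-CA file that yields only one usable CA can be inspected before it is loaded. The names `audit_ca_bundle` and `der_length_ok` are hypothetical, the certificate bodies are constructed placeholders, and the sample's second block copies the delimiter lines as typed in the quoted post (whether the real file looked like that is not known).

```python
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"  # RFC 7468 armor: exactly five hyphens
END = "-----END CERTIFICATE-----"


def der_length_ok(der: bytes) -> bool:
    """True if der is one SEQUENCE whose length field covers the whole blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:  # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F  # long form: n length octets follow
    return 0 < n <= len(der) - 2 and len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")


def audit_ca_bundle(text: str):
    """Return (count of well-formed blocks, list of (line_no, problem))."""
    good, problems, body, start = 0, [], None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if "BEGIN CERTIFICATE" in line or "END CERTIFICATE" in line:
            if line not in (BEGIN, END):
                problems.append((no, "armor line is not exactly five hyphens each side"))
                body = None  # drop any open block; it cannot be closed cleanly
            elif line == BEGIN:
                if body is not None:
                    problems.append((start, "BEGIN without matching END"))
                body, start = [], no
            elif body is None:
                problems.append((no, "END without matching BEGIN"))
            else:
                try:
                    der = base64.b64decode("".join(body), validate=True)
                except binascii.Error:
                    der = b""
                if der_length_ok(der):
                    good += 1
                else:
                    problems.append((start, "body is not base64 of one DER SEQUENCE"))
                body = None
        elif body is not None and line:
            body.append(line)
    if body is not None:
        problems.append((start, "BEGIN without matching END"))
    return good, problems

# Constructed sample: placeholder DER bodies, not real certificates.
PLACEHOLDER = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, 0x01])).decode()
SAMPLE = "\n".join([BEGIN, PLACEHOLDER, END, "-------BEGIN CERTIFICATE------", PLACEHOLDER, "--------END CERTIFICATE--------"])
```

`audit_ca_bundle(SAMPLE)` reports one well-formed block and flags lines 4 and 6; a count lower than the number of CAs expected in the file points at the blocks to inspect.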



