[Users] Multiple CA
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Nov 6 11:47:31 CET 2006
Hi Greg!
I have not tested this, but from reading the openssl docs I had the
feeling that all the CAs in the ca-file will be used.
Is the CA the only one in the ca-file or are the multiple CAs in the
ca-file? Can you try if it works when using only a single CA in the
ca-file?
regards
klaus
On Sun, November 5, 2006 20:39, Gregoire said:
> Hi everybody!
>
> I am using OpenSER 1.1 with TLS.
> I have generate the client and server certificate with the scripts
> gen_rootCA.sh and gen_usercert.sh.
> Everything works fine, but I have generate certificate for my UA with
> another CA and I have added this CA to the file user-cacert.pem.
> When I try to connect with my UA, OpenSER logs an error like:
>
> "tls_error: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert
> unknown ca"
>
> My file user-cacert.pem looks like:
> -------BEGIN CERTIFICATE------
> MAOIposio.....
> --------END CERTIFICATE--------
> -------BEGIN CERTIFICATE------
> MJ809il......
> --------END CERTIFICATE--------
>
> I think that OpenSER takes only the first CA certificate and not all the
> followings.
>
> Did someone have some experience with that case?
>
> Regards
>
> Greg
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>
More information about the sr-users
mailing list