Dear Ebell & All,

Indeed what you said is true. I copied the newly created self signed cert to the bundle of CA lists the server would accept, and the connection goes through fine.

Now, then I am to make my own private CA and then create a certificate signed by my private CA. Then the problem would be solved, for me. I know how to create a private CA (using the CA.sh -newca in the apps directory of OpenSSL). What I am not aware of is how to generate a certificate signed by my private CA in a C language program. Could one suggest how this is done?

Thanks again
rsr.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Gotz Babin-Ebell
Sent: Wednesday, February 12, 2003 10:38 PM
To: [EMAIL PROTECTED]
Subject: Re: are server certs different from client certs

Hello,

Chandrasekhar R S wrote:
> Hi all,
> I have created a certificate using the following sequence of calls :
>
> X509_new()
> RSA_generate_key()
> X509_set_version(cert,3)
> ASN1_INTEGER_set(X509_get_serialNumber(cert),0)
> X509_gmtime_adj(X509_get_notBefore(cert),0);
> X509_gmtime_adj(X509_get_notAfter(cert),45);
> X509_set_pubkey(cert,pk)
> X509_set_issuer_name()
> X509_set_subject_name()
> X509_sign()

I assume: self signed certificate ?

> Thus created certificate is working fine when registered with a server
> (ie., server is presenting the certificate and communication goes through
> fine).
>
> Instead, the same certificate registered with a client, does not work. The
> server mandated to authenticate the client, throws up an error :
> "25199:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no
> certificate returned:s3_srvr.c:1989:"

The server sends a list of trusted CA certs for client authentication. If the client cert is self signed, it is not in this list so it is not accepted as a valid client certificate.

Self signed certificates as end entity certificates are a quick hack. You should (almost) always work with an (official or own) CA.

Bye

Goetz

--
Goetz Babin-Ebell, TC TrustCenter AG, http://www.trustcenter.de
Sonninstr. 24-28, 20097 Hamburg, Germany
Tel.: +49-(0)40 80 80 26 -0, Fax: +49-(0)40 80 80 26 -126
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]