Also I'm surprised to see V3 cert with no KeyUsage section ... It would also would be more normal to use Extended Key Usage to say it is good for SSL Server etc. rather than use the old NetScape Cert Type ...
Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sven Löschner Sent: 28 April 2005 16:26 To: openssl-users@openssl.org Subject: RE: SSLVerifyClient > If you can post the output of: > > openssl x509 -in cert.pem -text -noout Okay, this comes out with the server.pem (I shortend the Algorithm-Tables with "...": Certificate: Data: Version: 3 (0x2) Serial Number: 4 (0x4) Signature Algorithm: md5WithRSAEncryption Issuer: C=DE, ST=test, L=test, O=test, OU=test, CN=test.net/[EMAIL PROTECTED] Validity Not Before: Apr 28 08:10:22 2005 GMT Not After : Apr 28 08:10:22 2006 GMT Subject: C=DE, ST=test, O=test, OU=test, CN=test.net/[EMAIL PROTECTED] Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00... Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Cert Type: SSL Client, S/MIME Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: CF:EC:79:6E:AA:45:EA:69:8A:1E:61:A6:CB:1D:AA:FC:00:A4:3C:07 X509v3 Authority Key Identifier: keyid:40:83:CD:62:12:94:CD:79:58:E6:AE:C4:8A:DC:82:51:B3:21:64:E9 DirName:/C=DE/ST=test/L=test/O=test/OU=test/CN=test.net/[EMAIL PROTECTED] st.net serial:00 Netscape SSL Server Name: https://www.test.net Signature Algorithm: md5WithRSAEncryption b9:e8.... Bye, Sven ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]