You don't want to specify the CA's private key as the argument for -CAfile, you need to specify the CA certificate for that.
Also an indication of the errors you get would help ... D. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Samy Thiyagarajan Sent: 10 January 2006 14:53 To: openssl-users@openssl.org Subject: problem in client authentication -no luck hi .. now i created a CA and a certificate signed by it. my client call is now, s_client -connect ip:port -cert clientcert.pem -key clientPrivKey.pem -CAfile cakey.pem still no development.... can someone look into this issue please...? "Mark" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 10.01.2006 14:12 Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject RE: problem in client authentication Classification > my last mail seem to be lost somewhere.. I got it! > Hi all, > > Im testing an SSL server with s_client. I want to implement > client authentication. > > The problem is even if I include the certificate and key file > in my client call, SSL_get_peer_certificate() > returns NULL > > I tried the following calls, > > a) S_client -connect ip:port > b) s_client -connect ip:port -cert clientcert.pem -key > clientPrivkey.pem I would think you would need to specify the root certificate using the -CAfile option. Cheers, Mark ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]