Olaf Gellert wrote:
[...]
> This is what I get (on the server, client looks the same):
>
> depth=0 /C=DE/O=Test/OU=TestOU/CN=test01
> verify error:num=20:unable to get local issuer certificate
> verify return:1
> depth=0 /C=DE/O=Test/OU=TestOU/CN=test01
> verify error:num=21:unable to verify the first certificate
> verify return:1
>
> Is this intended behaviour? Or is there something I can
> do about it? From my understanding this should work:
> Each self-signed certificate is in the list of trusted
> CAs of the communication partner, so there is a definite
> trust. Or is it some obscure extension missing etc? ;-)

Well, found out already: I did not set basicConstraints
and keyUsage correctly. So there was an issuer certificate,
but it was not "allowed" to sign itself...

Regards,

Olaf

--
Dipl.Inform. Olaf Gellert            INTRUSION-LAB.NET
Senior Researcher,                   www.intrusion-lab.net
PKI - and IDS - Services             [EMAIL PROTECTED]
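
Added example, not part of the original post and not OpenSSL project code: a shell check that reads `openssl x509 -noout -text` output and reports whether a self-signed certificate carries the two extensions named above in a form that lets it act as its own issuer. The function names, the sample texts (constructed) and the policy "basicConstraints must be present with CA:TRUE; keyUsage, if present, must include Certificate Sign" are assumptions of this example.

```shell
#!/bin/sh
# Print the value line that follows an extension header in
# `openssl x509 -noout -text` output. $1 = header text, stdin = cert text.
ext_value() {
    awk -v h="$1" 'index($0, h) { if ((getline line) > 0) print line; exit }'
}

# Audit a certificate that must be able to verify as its own issuer.
# Prints one finding per problem; returns 0 if clean, 1 otherwise.
audit_anchor_exts() {
    text=$(cat)
    rc=0
    bc=$(printf '%s\n' "$text" | ext_value 'X509v3 Basic Constraints')
    ku=$(printf '%s\n' "$text" | ext_value 'X509v3 Key Usage')
    case "$bc" in
        *CA:TRUE*) ;;
        '') echo "basicConstraints: absent"; rc=1 ;;
        *)  echo "basicConstraints: CA:TRUE not set"; rc=1 ;;
    esac
    case "$ku" in
        ''|*'Certificate Sign'*) ;;   # absent keyUsage = no restriction
        *) echo "keyUsage: lacks Certificate Sign (keyCertSign)"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples: the extension part of the -text output.
BAD_CERT_TEXT='        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment'
GOOD_CERT_TEXT='        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Certificate Sign'

# Demo on the constructed samples. For a real file (placeholder name):
#   openssl x509 -in cert.pem -noout -text | audit_anchor_exts
printf '%s\n' "$BAD_CERT_TEXT"  | audit_anchor_exts || true
printf '%s\n' "$GOOD_CERT_TEXT" | audit_anchor_exts && echo "good sample: ok"
```

Running the check on both peers' certificates before they are added to each other's trusted CA list catches the misconfiguration ahead of the handshake, where it otherwise surfaces as verify errors 20 and 21.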