I used SelfSSL.exe utility to create self-signed certificate and installed it into IIS on my website. My OpenSSL client fails when I try to connect to my website. I've got this error:
SSL_connect() failed: error:00000001:lib(0):func(0):reason(1) error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed After that I created self-signed certificate using OpenSSL and installed it into IIS on my website. In that case my OpenSSL client work fine. I compared two certificates (created by SelfSSL and OpenSSL). I found one important difference: SelfSSL's certificate's "Key Usage" extension has no "Certificate Signing" bit asserted. In other words SelfSSL generates self-signed certificate which cannot be used to sign certificates. But it's self-signed! It was used to sign certificate, but certificate signing is restricted for it. So, there are two questions: 1. Is this (SelfSSL) certificate valid (for OpenSSL)? 2. Are there any workaround to use this certificate in my OpenSSL client? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]