Are any intermediate CA certificates involved?
No. The CA is home-made, created using OpenSSL. It has a self-signed certificate.
This command will dump all certificates received:
openssl s_client -connect hostname:portnum -showcerts
[EMAIL PROTECTED] ~]$ openssl s_client -connect my.server.address:5432 -showcerts
CONNECTED(00000003)
4386:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
If you split them into files and try:
openssl x509 -in cert.pem -dates -noout
Can't try this right now... As for the dates, I store all my certificates with the human-readable preamble (the -text option used with x509). Dates are OK in all of them. I dumped them again and got the same result.

This is what I tried next:

[EMAIL PROTECTED] ~]$ openssl s_client -debug -connect my.server.address:5432 -showcerts
CONNECTED(00000003)
write to 0x9fcb948 [0x9fcb990] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 39 00 00 .z....Q... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03 ..3..2../.......
0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00 ................
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 [EMAIL PROTECTED]
0050 - 00 00 06 04 00 80 00 00-03 02 00 80 64 70 9c 33 ............dp.3
0060 - 54 71 07 96 37 d8 e5 9c-22 01 5b 19 60 9f d0 1f Tq..7...".[.`...
0070 - a3 43 82 8d 51 2d eb bc-c8 84 1c bb .C..Q-......
read from 0x9fcb948 [0x9fd0ef0] (7 bytes => 0 (0x0))
4407:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

A local IP connection directly on the server fails the same way, too. (Non-SSL IP connections to the database do work, however.)

What should I try now? If you want me to carry out further experiments, just let me know.

Andrej

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
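Added example, not part of the original message: a decoder for the 124 bytes that s_client wrote in the -debug dump above. They form an SSLv2-format CLIENT-HELLO offering version 3.1 (TLS 1.0), and the read that follows it in the dump returned 0 bytes. The function names are hypothetical.

```python
import re
import struct

# Hex columns of the 124 bytes s_client wrote in the -debug dump above
# (offsets kept, ASCII column dropped).
DUMP = """\
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 39 00 00
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0
0020 - 00 00 33 00 00 32 00 00-2f 00 00 07 05 00 80 03
0030 - 00 80 00 00 05 00 00 04-01 00 80 00 00 15 00 00
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08
0050 - 00 00 06 04 00 80 00 00-03 02 00 80 64 70 9c 33
0060 - 54 71 07 96 37 d8 e5 9c-22 01 5b 19 60 9f d0 1f
0070 - a3 43 82 8d 51 2d eb bc-c8 84 1c bb
"""

def dump_to_bytes(dump):
    """Turn 'offset - hex hex-hex ...' lines into raw bytes."""
    out = bytearray()
    for line in dump.strip().splitlines():
        hex_part = line.split(" - ", 1)[1]  # drop the offset column
        out += bytes.fromhex("".join(re.findall(r"[0-9a-f]{2}", hex_part)))
    return bytes(out)

def parse_v2_client_hello(data):
    """Decode an SSLv2-format CLIENT-HELLO (2-byte record header, MSB set)."""
    if len(data) < 11 or not data[0] & 0x80:
        raise ValueError("not a 2-byte-header SSLv2 record")
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    msg_type, major, minor, spec_len, sid_len, chal_len = struct.unpack(
        ">BBBHHH", data[2:11])
    if msg_type != 1 or spec_len % 3:
        raise ValueError("not a well-formed CLIENT-HELLO")
    if rec_len != len(data) - 2 or 9 + spec_len + sid_len + chal_len != rec_len:
        raise ValueError("length fields do not match the data")
    # Cipher specs are 3 bytes each; a leading 0x00 marks an SSLv3/TLS suite.
    specs = [data[i:i + 3] for i in range(11, 11 + spec_len, 3)]
    return {
        "offered_version": (major, minor),
        "tls_suites": [s.hex() for s in specs if s[0] == 0],
        "sslv2_specs": [s.hex() for s in specs if s[0] != 0],
        "session_id_len": sid_len,
        "challenge_len": chal_len,
    }

if __name__ == "__main__":
    hello = parse_v2_client_hello(dump_to_bytes(DUMP))
    print("offered version:", hello["offered_version"])
    print(len(hello["tls_suites"]), "TLS suites,", len(hello["sslv2_specs"]), "SSLv2 specs")
```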